Slashdot Mirror
More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to the inquirer and salemnic sent us a page from the washington post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Even if this doesn't go to court, at least this is getting some attention... and ANY bad attention for DRM makes me happy.
Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
We Got Root
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
"infected with DRM"
Love it. Great phrase. Maybe it'll catch on.
With Slashdot reporting this 10 times a day I doubt it will get lost :)
Ok sure, so boycotting Sony is not realistic. Or is it...? We can really do without them. Screw their stupid DRM'ed Memorysticks, we have our SD and CompactFlash. Screw their VAIO's, we have Dell and Taiwanese laptops.. Screw their TV's, we have better ones from other brands. Screw PS3, we have XBOX2 and Nintendo Revolution. Screw PSP, we have Nintendo DS. Once they get the collective shaft, well, other companies will think twice before pulling shit like this.
Based on the grounds that it re-routes the windows instructions on how to play *all* audio CDs. If you remove the DRM by force, you lose the ability to play other music as well.
Nice that you've read up on the matter,
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
"WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
The malware installed is created by a company called First4Internet.
/. community with me? ;)
They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.
6 South Bar Street
Banbury
Oxfordshire
OX16 9AA
United Kingdom
All info (and more) available on their website here http://www.first4internet.com/contact.aspx/
That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the
Interesting.. Some reports Finnish reader of this news in Sektori.com (in Finnish) reports Contents\GO.EXE file seems to contain parts of the LAME player. Can anyone verify this? Is Sony distributing LGPL software on the CDs?
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
Sony could be held liable in a class-action lawsuit. Anyone can design a virus and name it "$sys$" now, and AV software won't be able to detect it if this rootkit is installed. An IM worm could use this naming scheme, only infect a few thousand people, and the news would report, "SONY's DRM software used to hide latest virus". It'd be a horrible blow, and they'd totally deserve it. I still think we'll see a virus/worm that does this before the end of this month.
On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden". I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.
Is Sony aiding and abetting cheaters?
That's because you are an idiot. No, really.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
Unfortunately Sony may be able to claim that they offer an uninstaller.
From TFA:
Hypponen said the only way to uninstall the program in the conventional sense (without running the risk of hosing your system or CD-ROM drive) is to contact Sony BMG directly via a Web form and request removal.
At that point, a real, live person will call you back and ask for all kinds of information about your system, and your reason for wanting to remove the software. You're then directed to a Web page that downloads an ActiveX program (yes, you must be using Microsoft's Internet Explorer to do this), which determines what version is installed and reports that back to First4Internet. Then you get an e-mail containing a link to another site that downloads something that finally uninstalls the Sony program.
So, although they make you sell your firstborn to get it, they apparently do offer an uninstaller. IANAL, but maybe someone can still argue that the uninstaller needs to be bundled with the CD. Sony might also be liable if the installation damages your computer.
Apparently this rootkit does not run on Mac OSX. Yet another example of the vast library of software available only to Windows users. :-(
i ng
Look at Sony's FAQ,
http://cp.sonybmg.com/xcp/english/faq.html#listen
The protected CD looses all features and appears as a normal CD on a Macintosh. This really sucks!
Im switching to Windows!
If you can manage to find the hidden software files and do delete tehm as suggested in the EULA, you will no longer be able to access your CD drive.
Funny how no mention of those points are made in the agreement.
- complain to editors about posting dupes
- editors start to link to their previous stories
- posters visit those previous stories, and copy links FROM THE previous FREAKING ARTICLE itself
- ???
- profit!!
How does this stuff get modded up?Has this passed? Is it applicable?
0 2929:
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Posted by: Dickrichard | Nov 1, 2005 11:03:07 PM
;)t ml but nothing really beats searching.
I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.
The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.sh
As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!
CONSUMER 1 - SONY 0
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.
It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.
Such functionality might take time to develop, and so a case could be made that the developper just didn't feal it worthwhile to spend the effort...
But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
OpenSource.MathCancer.org: open source comp bio
Additional items from the EULA:
Because you can't spell "slaughter" without "laughter"
... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:
Intentionally or otherwise, what the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but it in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people setup a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.
It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Bern Convention on Copyright and read it yourself.
And remember kids, calm, cool, and collected. No name calling, no vitriole. Attribute not malice where stupidty is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.
Does anybody know if there is a Linux port of this RK? Or will it run on WINE? I would really love to have this RK on my Linux box. I think it's the only thing stopping me from using Linux on the desktop at the moment.
If SONY circumvents the security I have installed on MY machine with their rootkit are THEY in violation of the DMCA?