Sony Rootkit Phones Home
strider44 writes "Mark from Sysinternals has dug a little deeper into the Sony DRM and discovered it Phones Home with an ID for the CD being listened to. XCP Support claims that "The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities." Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!" Update: 11/07 14:21 GMT by H : Attentive reader Matteo G.P. Flora also notes that an Italian lawyer has filed suit against Sony on behalf of the Italian equivalent of the EFF. Translation available through the hive mind. Update: 11/07 15:18 GMT by H : It does appear that in fact Sony does see through the $sys$ - see Muzzy's comment for more details.
Somewhere in the distance, I hear Nelson shouting, "Ha ha!"
What happens if it phones home with a really big packet?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I smell a DMCA violation on the /. front page!
Cue the Sony lawyers in 4..3..2....
CDex 1.51 had no issues ripping this CD.
Instead of rushing in and demanding a law to battle this "problem," just leave it alone. The market continues to provide exactly what people want.
Most Sony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.
You're responsible for checking out a product before buying it. I won't buy any music ROM disc that doesn't have the "CD" certification logo, unless it is from an indie band. I still rip every CD from a CD player with an optical out into my PC. Safety first.
If Sony doesn't get a lot of backlash over this system, others will adapt it. I am not buying any more Sony CDs, but I'll buy other products from other divisions.
I see no reason to cry wolf here. You are buying their product. If you find something you don't like, someone will adapt it for your uses.
For those wanting a law, remember you likely supported the same political parties that enacted the DMCA, copyright extensions, and other tyrannical laws. Stop voting in the booth, vote in the checkout aisle.
"No information is ever fed back or collected about the consumer or their activities."
Other than your IP address, date and time it's connected to the net, the CD you're listening to, how often you listen to it...
Is it the game of working out ways to piss off Sony by circumventing their crappy DRM?
The Register
World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect.
----
Did you like the placement of the comma?
Mark has also just posted how First 4 Internet, the creators of the rootkit, have made a rebuttal on Mark's claims: http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html
DRM software bypasses... itself?! Wait...
"You can use the Sony rootkit itself to bypass their own DRM!"
Hopefully that alone will stop the record companies from attempting this type of method again, but I doubt it.
I don't have (and don't plan to buy) one of these CDs, but I would think that any external communication or use of your net connection would have to be disclosed in the EULA. It could be covered in some legalese catch-all such as "as necessary to provide enhanced services", etc. This is the kind of reason I'm immediately suspicious of anything that begins, "For your convenience"... It rarely is.
comment posted by Matti Nikki :
Also, go check Contents\GO.EXE in the cd and search for string "LAME". This is possible LGPL violation, since LAME mp3 library has been statically linked against the executable. You can see that version.c has been compiled in since it generates those version strings, and I found tables.c as well. Didn't locate any code though, apparently removed by optimizing compiler due to being unreferenced, but I couldn't test for all LAME code as I don't have proper tools available (such as sabre-security bindiff)
Actually, if you look further down the comments, you'll find another post by Matt Nikki saying that he tried it again and it didn't work, so either he got lucky one time or something strange is going on.
See here
"Pokey, are you drunk on love?" "Yes. Also whiskey. But mostly love... and whiskey."
I have to hand it to Sony marketing execs. Ordinarily they would be hard-pressed to sell even a few dozen copies of that CD. Throw in some DRM and now you have millions of geeks buying the CD trying to break it (or verify somebody else's claims of having broken it). That stuff is so good you can't even torrent it.
you're not connected to the net? I know, horrible thought to comprehend but there are those of us who aren't plugged in 24/7.
What happens then? Do you get an error message? Does the CD not play? What if you block the ad retrieval via your firewall?
What if I turn off the monitor and walk away while the CD plays? Am I stealing ala Jack Valenti and not watching commercials on tv?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
These copy protection schemes are NEVER going to work as long as the content is still available to play on regular cd players. Even if it's not, it will be hacked as long as some hacker thinks it might be an amusing way to spend an afternoon.
why are sony SO unbelievably stupid as to think otherwise. They must be wasting hundreds of thousands of pounds on this utterly useless rubbish, that even the least technical of people can bypass.
These things are so childish no hacker would even bother with them, as stated this one even defeats itself!
It only takes one breach to distribute a copy, why piss off thousands of genuine paying clients?
The mind boggles, the only people winning are the copy protection companies living happy lives doing nothing but ripping Sony off.
aren't they supposed to do marketing studies on things before release?
maybe employ a 16 year old to independently test the schemes for them rather than taking the word of the people selling them this rubbish
(I'd have said 10 year old but it wouldn't be legal)
revenue lost to purchasing clients who will have to return product as it won't run. $X,0000
revenue lost to potential clients who will be scared off buying in the first place. $Y,0000
estimated reputation damage to company. priceless.
estimate of no. of pirated copies prevented. ZERO.
So you can use their own rootkit to bypass their own DRM. And exactly what level of control do you even have at the point where you are screwing with a rootkit to rip CD's on your own computer?
I hope Microsoft is paying attention here, because this could set an EXTREMELY bad trend here. Why do we have these "certified" drivers? Because a lot of them were crap. Now we have software injecting stuff directly into the OS. I can't say this is going to help MS in the security and stability department.
Just my luck, when I make it to slashdot it's something I've analyzed wrong. I tested to rename my ripping software to begin with $sys$ and it ripped it fine, but apparently something else was the deciding factor. I can't reproduce that effect!
There's definitely something fishy going on, however, with two magic lists in the DRM system (one in installer, one in $sys$DRMServer.exe), and the drmserver scans running processes and open windows, testing them against those lists. So far I haven't figured what it does when it finds a match. The code is written in C++ and although I've found the function call, it's virtual and I need to figure which vtable is being used and it's bitchy without a debugger. I'm not going to run this crap on my development systems, and my test machine doesn't even have net access, too much work to setup debuggers on it just yet :(
Anyway, the lists for everyone to see:
http://hack.fi/~muzzy/sony-drm-magic-list.txt
http://hack.fi/~muzzy/sony-drm-magic-list-2.txt
The first one is from installer, the second from drmserver
-- Matti Nikki
What's the EFF?
Wouldn't simply renaming the ripper software have pretty much the same effect? It looks like the DRM simply compares the executable name with its list of executables and does stuff depending on the name.
As posted previously on another SONY DRM/rootkit article, here is a google search through Amazon listing the DRM'ed CDs: http://www.google.com/search?q=sony+site:amazon.com+intitle:%22%5BCONTENT/COPY-PROTECTED+CD%5D%22&num=100/
In Soviet Russia . . . DRM bypasses YOU!
Patrolling ftw
SysInternal's Mark Russinovich has posted a new entry about Sony's XCP DRM technology.
According to his post, it seems Sony's fix "patch" makes a little "contact home" contacting Sony servers. This even when Sony claims that their software didn't make contact with them.
Slashdot covered previously the initial XCP rootkit story.
The inquirer has an interesting article on the Sony DRM technology overall.
And it seems the community has found several alternate uses for the XCP technology which include hiding game cheating software and even to bypass DRM technology
Ubuntu is an African word meaning 'I can't configure Debian'
Gotta get me a Sony cd. with that i can copy cds, passby anti-cheating software in games, even install a few trojans/viruses/worms muhahahahaha...
I just love technology when it comes from the brilliant minds from Sony.
Thank you Sony, you have just set back security on the pc 10 years. oohh the possibilities...
I've bought perhaps 8-10 CDs with "copy protection" over the past few years. Some of these were so crippled that my (very old but functional) CD-player wouldn't play them. The solution? Make a copy!
I still have not come across a CD that won't rip through standard Linux GUI applications Kaudiocreator and/or grip. Usually I start with Kaudiocreator which will rip 90% of copy protected CDs. If it doesn't work out, I think perhaps they manufacture rw-errors on the disc, I switch to grip which will rip the remaining 10%.
This is a hassle for me, and it's ridicules that I have to make a copy of my CDs in order to play them, but it's not a real problem since open source CD-ripping software obviously is superior to their Windows equivalent.
I could be wrong. I'm always wrong...
I've always been under the impression that Japanese companies (or those largely held by) were a bit more ethical than their American counterparts. Sony has proven to me that my impression was completely in error. Unless they come very clean, very quickly, I will do my utmost to avoid purchasing any Sony product ever again, be it a new camcorder, an entertainment system...or even blank media.
Does anyone know how to safely detect and remove this without relying on the Sony download? For some reason, I don't trust it not to install the software if I don't already have it.
here 'ya go ... which raises an interesting question - what if ET tries to play a Sony CD - what is the timeout option for the "phone home" packet if the ping times are overly long?
Hulk SMASH Celiac Disease
I could see Sony continuing this with their memory sticks. What's to stop them from installing a rootkit anytime you got a digital camera or an mp3 player from them?
Is proper English that hard?
I am a believer of momentum and curves.
>>You can use the Sony rootkit itself to bypass their own DRM!"
... uh ... Sony.
Isn't that a DMCA violation ? Sony had better do something about this by suing
Apparently their new business model is something like this : (Cue Underpant Gnomes)
1. Release rootkit into the wild, including ability for it to bypass your own copy protection.
2. ?
3. Sue self into oblivion. Wait, shouldn't item 3 be "Profit" ?
"Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!"
This of course brought to you by the same people who brought out copy protection that was defeated by a magic marker.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
What DRM? No autoplay, no EULA, no DRM.
Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!"
All I've seen from people on this issue are ways to get around the DRM. Yes, there are MANY ways to get around it, audio line-out to a DAT or an iPod, using linux, a mac, CDex, Audiograbber, Audiohijack-pro...
But that is all just retarded, if you're buying this CD and you use it as Sony want you to use it, it is NO different than if you buy the CD and rip it with some workaround. Sony don't SEE a difference. The MP3s will be on DC++ anyway, it's not like they will lose sales to people ripping it for their iPods or whatever.
And if you do buy the CD, (regardless of whether you rip it or not) you have just voted. Corporations are the Governments of today and with your purchase you vote. And buying any content protected CD regardless of what you do with it is a VOTE to Sony that DRM is acceptable to you. And that means next time it won't be some crappy nobody C&W CD that is taking over your PC, it'll be the big Sony acts. And then the big EMI acts and WB acts and so on.
Vote with your cash, buy non-DRM encumbered CDs or else just steal it. I'd prefer to take the moral issues and risk of stealing rather than just be Sony's bitch and install their shitty rootkit on my computer.
OOPS! It appears I was wrong about being able to hide the ripping software with $sys$ prefix! However, during my first test it DID work, so something's going on. Looks like I'll have to disassemble the damn thing to be sure.
# posted by Matti Nikki : 11:36 AM, November 06, 2005
So not only do they infect my PC, but now i have to get ads just to listen to some music?
---- Booth was a patriot ----
Get yourself a trial of VMWare or Virtual PC, and throw Win2K on there.
That way, you'll have a sandbox to play in on a net connected machine.
Lest anyone at Microsoft or Sony not understand why they don't "hear from my XP box"...
It is because the damned thing is NEVER allowed online!
And if and when I eventually go to VISTA, I won't allow it to go online either.
Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.
My Macs are the only thing I trust to go online, with the exception of running XP in emulation on my Mac.
this i thought was interesting basically says as a customer you're screwed. http://news.com.com/Why+they+say+spyware+is+good+for+you/2010-1071_3-5934150.html
Call me crazy, but why don't you use a prog from the magic list to rip a protected cd under the watch of ye ol rootkit? I'm sure its intentions will be revealed!
What's the goal here? To stop the people who buy CDs and rip copies for a few friends... by driving everybody to rely on safer online distribution exclusively?
NPR had a story about this, and did a reasonable job of it. If they would cover it a few more times as things progress, maybe Sony will get the picture.
Currently I own 2 Sony products--a Clie and a Cybershot. If this kind of thing continues, however, I will make these my last Sony purchases of any kind.
There is a good reason that this matters, not just to us, but to everyone: Sony has obviously lied about their actions, and should be held responsible. If we as consumers don't stand up and say "stop", then this will get worse. Currently computers are very powerful, but with more and more of this crap, we will all soon need Cray's to run even the simplest game smoothly because of the myriad background services that are hogging resources. I've already decided that as soon as I can I will ditch Windows (all that I need is money to buy SPSS/SAS for linux, or the ability to run SPSS in wine, and I'm good)--for the same reasons.
If I get rid of windows, then sony can't pull this crap.
Finally, is there a non-Sony-provided version of an uninstaller for this crap? I don't trust them!
"We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
Just because it is illegal does not make it wrong.
Ah, but you didn't say illegal, you said wrong. The equation of the two is perhaps the greatest threat to liberty in the modern world.
Real Daleks don't climb stairs - they level the building.
If you care about this, then don't buy Sony games, music or movies. If you don't care about DRM and spyware issues then by all means go out and buy more product from them.
Is sending a clear message that you will not tolerate corporate abuses worth going a few months without shelling out $18 for a CD that has two decent tracks on it?
Accept nothing less - the public firing of the VP who oversaw the department that gave the green light to this - or no purchase of any Sony game, music or movie.
Personally I don't think enough people value unhacked systems enough to make the sacrifice. My prediction is that Sony will essentially get away with it, may have their insurance company pay a few settlement checks, and make a better attempt next time around. Or simply write enough checks to MS to ensure that the DRM is included in the Colonel (weak joke about a police state... sorry). And write enough checks to Motorola and Intel to make sure that DRM is included at the chip level. And write enough checks to US Senators to make sure that the law will back them up next time.
Again, the only recourse is to refuse to buy Sony products until a VP is fired. Nothing else will work.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
They were a great company but the time for boycott has arrived. I bid them a good day.
Violating my trust by installing rootkits and monitoring my listening habits is unacceptable and should be illegal. Now I have to use RKR to go see how many of PCs have been damaged by their fiendish malware.
Isn't the solution pretty simple? Anyone surprised that Sony is pulling shit like this? They're one of the major members of the RIAA, MPAA, CRIA... Don't be a stupid consumer -- it's ridiculous to both spend your money on something that upsets you, only to get upset more. Warn your family against Sony products
Don't get your panties in a wad, genius. The LAME string exists because that is one of the pirate programs that the DRM software specifically looks for. Simply having the string in your program doesn't make it a LGPL violation. That would be LAME.
Duh.
It is because the damned thing is NEVER allowed online!
Sorry, if you can post on /. our rootkit can access the sony.net (tm) as well.
I'm really wondering with the recent rootkit/DRM Sony news if this will result in any substantial backlash against Sony. In particular, I'm curious how this will factor into the next gen high def DVD wars, since Sony is an obvious big player in the Blu-ray camp. I used to be pro Blu-ray but now with this recent news I find myself agreeing with the HD-DVD camp more and more. Do we really want Sony heading up any major future electronic standards?
sig here
I used to only buy CDs because I liked having something physical to hold in my hands after spending money on music. I only used itunes to catalog my ripped CD collection. Thanks to your efforts at treating me like a criminal and trying to infect my machine with software I didn't ask for, I am now a full fledged iTunes customer.
I can't believe I waited this long. No longer am I buying a whole album for a few good songs. I am now spending my money more wisely buying just the tracks I like. For this I thank you!
Circumvention is only a crime if one circumvents a technological measure that effectively protects copyrighted content. Show of hands, folks: Anyone think this brain-dead scheme is "effective?" ... ... Thought not. RIAA, you can put your hand down now, nobody else has theirs up.
A scheme that's foiled by simply not using autorun is hardly effective, and it would be difficult even to convince a jury of 12 typical cheeseheads that it is.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
This "rootkit" doesn't even have to be present now that the virus/trojan/spyware writers know it is possible. Re-implementing this feature would just be one of the first steps of installation. Shouldn't people be demanding a fix for this from Microsoft?
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
as an aside, i have a thought which many readers here might find horrifying. when MS / Apple release their new hardware / software, we have this all over again. who is MAKING you buy their new products? maybe if everyone votes with their respective unit of currency we can force them to not load all this crap onto us. you don't always have to have the latest stuff. and at what price?
this is all backwards - we pay them... so why do we take all the crap?
i will now return to the place where all this has already happened... my imaginary world. my imaginary world has no relation to the real world...
If I play this CD and it "phones home", then "they" know
- I have played the CD
- if I need a new banner
- they know where to Send it to
- they know how often I listen to it (via how many times I've checked for a new banner)
I say Bull. There is a lot that can be said about me based on the idea that this rootkit phones home.
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
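What a server can reconstruct from "one-way" banner requests, following the lists in the comments above (IP address, date and time, the CD, how often it is played). This is an added example, not part of any comment and not Sony's or First 4 Internet's code; the Common Log Format lines, the `/banner` path, the `id` parameter name and every value are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample of a web server access log (Common Log Format).
# The /banner path, the "id" parameter and all values are hypothetical;
# the page only says the player sends an ID for the CD being listened to.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Nov/2005:21:40:55 +0000] "GET /banner?id=ALBUM-0001 HTTP/1.1" 200 512
198.51.100.7 - - [06/Nov/2005:20:14:02 +0000] "GET /banner?id=ALBUM-0001 HTTP/1.1" 200 512
203.0.113.20 - - [07/Nov/2005:08:03:11 +0000] "GET /banner?id=ALBUM-0002 HTTP/1.1" 200 512
203.0.113.20 - - [07/Nov/2005:08:03:12 +0000] "GET /favicon.ico HTTP/1.1" 404 0
198.51.100.7 - - [07/Nov/2005:19:02:30 +0000] "GET /banner?id=ALBUM-0002 HTTP/1.1" 200 512
this line is not a log entry
"""

# Matches only banner fetches that carry a CD identifier.
BANNER_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /banner\?id=(?P<album>[A-Za-z0-9-]+) HTTP/[\d.]+" \d{3} \d+$'
)


def build_profiles(log_text):
    """Group banner requests by client IP.

    Returns {ip: {"plays": {album_id: count}, "first_seen": dt, "last_seen": dt}}.
    Nothing here is "sent back" by the client beyond the request itself;
    the profile falls out of ordinary server-side logging.
    """
    profiles = {}
    for line in log_text.splitlines():
        m = BANNER_RE.match(line.strip())
        if m is None:
            continue  # other requests and malformed lines are ignored
        seen = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        prof = profiles.setdefault(
            m.group("ip"),
            {"plays": {}, "first_seen": seen, "last_seen": seen},
        )
        album = m.group("album")
        prof["plays"][album] = prof["plays"].get(album, 0) + 1
        # Log lines are not guaranteed to be in time order.
        prof["first_seen"] = min(prof["first_seen"], seen)
        prof["last_seen"] = max(prof["last_seen"], seen)
    return profiles


def summarize(profiles):
    """One human-readable line per client, sorted by IP string."""
    rows = []
    for ip in sorted(profiles):
        prof = profiles[ip]
        plays = ", ".join(f"{a} x{n}" for a, n in sorted(prof["plays"].items()))
        rows.append(
            f"{ip}: {plays}; active {prof['first_seen']:%Y-%m-%d %H:%M} "
            f"to {prof['last_seen']:%Y-%m-%d %H:%M}"
        )
    return rows


if __name__ == "__main__":
    for row in summarize(build_profiles(SAMPLE_LOG)):
        print(row)
```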
the more users will slip through your fingers...
Oh, how i wish i had 5 accounts with modpoints. I would have given them all to you.
The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
That's it.
I will not buy Sony music, Sony HDTVs, or any other Sony Electronics or products!
Kiss a lifetime of revenue streams Goodbye.
Sony isn't #1 anymore anyway, Samsung makes better electronics.
Panasonic and Sharp crush Sony in the quality of their HDTVs and other
home electronics.
Sony - a walkman one hit wonder from the 80s.
Stick a fork in 'em, they're done.
you insensitive clod!
It won't install under Virtual PC. It requires that the CD is in drive during installation, and doesn't detect this to be the case when using Virtual PC. It probably just can't handle multisession CDs...
:)
Anyway, as a bonus, even though the rootkit doesn't install in virtual PC, it still calls home and tells sony about you
-- Matti Nikki
Did you try ripping the cd to an ISO first and using that in vmware?
The audio tracks on a CD aren't stored in an ISO9660 filesystem, so that won't work.
Hmm... well, it was worth a shot...
I'm going ahead and warning everybody I know about this, though...
Hopefully, Sony can be stopped.
I'm seriously tempted to get one of these, except it's only a PlayStation logo...
Btw, Since distracting CD-ROM functionality by randomizing the signal a little seems to be "OK", you can expect the record companies to target P2P apps with future DRM systems. If it's OK to screw your system and ripping software, it's going to be ok to screw your p2p if they think you're sharing their stuff. This kind of malware along with DRM is a slippery slope, and you'll never know where it ends if you tolerate it even a little.
-- Matti Nikki
Here is how the public can put an end to this type of scheme. As someone earlier noted, this is software that is installed without warning or the user's knowledge or permission. That qualifies it as a trojan. That alone is bad. Now if someone were to determine a way that it has or can potentially damage data on a system, then it seems Sony could/would be liable for such damage. Most software has lots of disclaimers in their EULA, but since there is no EULA, Sony can't say they warned you.
Another tactic would be to make a game/application that detects the rootkit was installed and then it causes some minor harm. Again, Sony would bear some of that responsibility since they installed software without a user's permission or knowledge that caused damage due to its presence.
If one of those scenarios were to take place, it would likely scare Sony and other music suppliers from covertly pulling future schemes of this nature. They will still likely continue to use DRM, which is their right, but only overtly with lots of warnings and possible explanations of how they work so as to minimize their liability from future complications like the ones mentioned above.
Ninjas don't carry tic tacs
If it wasn't in a standard file system, it wouldn't work on a Mac or Linux PC.
This is just a game they're playing with sessions on the disk.
Would it be possible to simply blacklist in DNS the server this rootkit is phoning home to ? Here, problem solved.
:wq
I am using ZoneAlarm if anyone wants to know.
It looks like it is looking for the filename you are running and then either looking at the running process names or scanning the windows titles.
An alternative to VMWARE is the excellent, and free QEMU.
to see the kit added to major antivirus detection list.
Trojan detected: WIN32.DrmSony.SPY@mm - Threat: medium; class: Spyware, Rootkit, OS-damage.
Known to cause CD drive malfunction, secretly uploads third party data, prevents certain userspace programs from running, hides from the OS, installs itself without user consent.
OS infection prevented.
Warning: E:\ Volume is Read-Only. The virus cannot be removed (cause: Data written to non-erasable CD.)
Recommendation: Back up all non-infected data from the medium by re-burning it to a new blank CD, destroy infected disk.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
That was supposed to be funny, dammit! FUNNY! ...Or at least I sincerely hope it was :-/
For the love of God, please learn to spell "ridiculous"!!!
Nice pull of the 'liberty' strings there, you got your mod points, but you are still incorrect. Ripping this CD is both illegal and wrong; if you bought this CD, you entered into a contract with Sony, and by ripping it, you are breaking your side of the contract, which is wrong in every sense. You can't justify ripping this CD, but please go on rationalising it, if it makes you feel better.
I'm really sorry about this mate. I *did* read all of the comments but I completely missed your retraction comment the first time around. Only *after* I submitted the news article did I see the other comment you made saying you can't reproduce it, and I couldn't figure out any way of modifying the news post. I just totally knew that the editors would pick my submission as soon as I saw the other comment.
to see where this will go.. how long before your cd has to dial into an advertising scheme of some sort before you can listen to the music you paid for.
[I have no name!:/]# _
Aren't programs that secretly "phone home" considered a violation of federal privacy laws as well as consumer protection laws? Depending on who and where it occurs I can even see possible endangerment of our national security here...
No I didn't. I entered into a contract for sale of goods with the record store, the terms of which were that I handed over some cash and they handed over a CD. That contract was fulfilled to the satisfaction of both sides. I have no other contractual obligations of any kind.
Real Daleks don't climb stairs - they level the building.
Now, I didn't buy that CD (or any others in the last five or six years) but if I had, I'd like to see where the terms and conditions of the contract that I SIGNED AND AGREED to are. If they are available for viewing BEFORE I make the purchase AND they explicitly indicate everything that Sony is allowed to do to my computer if I choose to put it in my computer, then you have a point. If not, then it is nothing more than a con, equivalent to me mailing you a letter that you open to see "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts". If you feel Sony isn't WRONG, then you'd better fork over everything you own when you get that letter, because it's the same thing. Now, if I posted "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts" and you open it, well, that's fair game because you had the option, and if you weren't a dumbass, you wouldn't open it. That's the difference. Sony is not providing OUTSIDE of the purchase the terms and conditions that you are claiming binds the purchaser, and Sony is NOT refunding your money if you disagree with what you find inside.
Ripping this CD is both illegal and wrong; if you bought this CD, you entered into a contract with Sony
Breaching a contract may be illegal, but buying a product is not the same thing as entering into a contract. Not even implicitly. It never has been.
The whole EULA thing has thrown some mud into the water, but the distinction remains...you don't enter into the contract until you click "accept"...simply buying the product does not automatically accept the EULA.
With CD's, there isn't even an EULA, hence no contract. Their content is protected under copyright law alone...which is quite a different thing from a contract (and includes clauses which may allow for personal backups).
Also, whether or not ripping it is wrong is not so finally decided. Morality tends to be a bit relative, and obviously some people have different opinions on the matter than you do.
but how many slashdotters are going to go out and buy the PS3?
i can see all these *.vbs *.bat etc. files in the email ... ...?
attachment getting saved as $sys$*.vbs
cool "$sys$netsky.newsonysupported.vbs"
We all know that uninstalling this DRM crap is a (criminal) violation of the DMCA. What happens if rather than remove this from the existing operating system, you reinstall the entire OS? The first thing I do when a machine has been compromised is wipe it clean and reinstall it. Anything hiding running processes from me is in my eyes malware and has compromised my system. Am I a criminal for re-installing the OS now?
/me scratches head
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.
This article is about Sony and their creation of ill-will and lack of trust, not Microsoft. Yes, yes. Sony's rootkit is designed for windows, autoplay, etc and so on, but you really can't blame Microsoft in this case. It is just as possible to create a rootkit for any Macintosh or Linux machine, they just haven't because most of their customers use windows.
As for autoplay being a bad idea, it is and it isn't. I remember back when autoplay was first introduced (I can't believe it was 10 years ago) the whole idea was that you would buy a product from the store, insert it into your computer, and bam, you're off. I remember thinking it was a pretty cool idea at the time, although only one program actually did it as cool as the Microsoft commercials, SimCity 2000. (You would insert the CD-ROM, and then play the game, w/out installation). While in retrospect it wasn't the best idea security-wise (at least without some sort of warning), I would be sad to see autoplay completely disappear, since I'm lazy and enjoy my computer anticipating what I want it to do.
No, this is some horrible mistake! I think the man you really want is Harry Tuttle
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Next story: Sony rootkit steals your soul and sells it to child pornographers/kitten murders. More at 6.
If by excellent you mean ass slow... KQEMU is a huge help, but it's no VMware... VMWare has support for 3D hardware acceleration, finally, too..
--
Don't fight Firefox! Let FireFox fight YOU!
See? Not advertised in the EULA. So how are you supposed to know about it? It's one thing when it's hidden at the bottom of the EULA in small type - it's something else when it is omitted from the EULA altogether. The comments in the article also detail problems several people had with the software - like a gamer with a 64-bit system who had his CD/DVD drive 'disappear' after installing this software - a piece of software with NO uninstall utility. All you get from Sony is a patch that removes the hiding of $sys$ files - they so far have refused to provide an uninstall utility for the software itself.
Well, maybe not died. Maybe they just got pissed and shut down Sony's American market, but that wouldn't sound good on a sound bite.
My marketing-phrase is more emotionally charged.
So, where are all of the myriad security/anti-virus/anti-spyware companies with their Security Advisories on this subject (I checked McAfee, Symantec, and ISS; SANS only references other websites)? Since this could potentially be used for more malicious purposes why are the big security companies so quiet about it?
Hmmm, possibly because if they sent out advisories and/or their products detected the trojan, then their customers would be (rightfully) upset that the product did not remove the threat. And removing the threat constitutes a violation of DMCA.
Sad that "mainstream" security researchers are saying nothing on this subject. Some of these companies charge corporate IT-Sec groups handsomely for their "threat feeds". Since this is almost a week old, and no mention by these groups, it doesn't say much for the "threat feed" services.
Illegal and wrong are not the same thing. Smoking dope is illegal, but it is not wrong. Throwing away perfectly-edible food is not illegal, but it's wrong.
Anyway, your computer is running a pirate copy of Windows, so you're a fine one to talk. Come back when you have a clue.
Je fume. Tu fumes. Nous fûmes!
Everybody in industrialized nations will always have access to more than enough medium for their brains to drown in. Money made directly from the sale of media, is in this case, a secondary concern.
The only things people might have a more difficult time gaining access to in our DRM future are positive, un-tainted messages. Though with choice and intent, people can find those easily enough as well.
So don't sweat the reverse psychology; we'll still all be able to listen to the next pop star with relatively little trouble. --In fact, as per usual, it will probably take a degree of concentrated effort to avoid whatever dark-side, soul-draining message of slavery is being broadcast.
"Hit me Baby, one more time."
Ugh. The stuff is like nuclear fall-out. Destructive and near impossible to avoid.
-FL
Hmm. it is slow, but not very slow. Then again, I'm using a 3GHz P4 with 2GB RAM, and so I'm not altogether unhappy with the performance. The VM (without KQEMU) feels like it's about 400 Mhz, with 256 MB RAM, so although I wouldn't call it speedy, it is, however, quite usable. Win98 boots in 20 seconds, and takes another 15 to start firefox.
KQEMU is nice - I just haven't bothered to recompile it yet.
I do have to agree with your comments. I agree that other OS's can have software added in bad ways. What I would prefer to see is that the OS's that I run, never allow any install to occur without me personally OKing the operation. Maybe that would be obtrusive, but that is what I would wish.
But what I do object to in MS Windows is the concept that Microsoft has designed their "system" with the input from their 'strategic partners' like Sony, to allow these sorts of things which have happened, which is basically designing an OS to be primarily setup behind the scenes away from the user, such that the OS is at the beck and call of Microsoft and its partners. Microsoft is thus responsible for this mess, at the 'root' of the problem. They thus deserve my dissing and scorn. They have caused a LOT of wasted hours out of my life that should never have occurred.
This attitude has caused an incredible amount of harm on so many levels that I am surprised some enterprising attorney has not filed a suit against Microsoft and tried to get class action status to represent all individual Windows users.
Don't they need rye bread to breed the ergot that fuels the management / marketing team?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1 April 2006
PRESS RELEASE: Announcing The Hider®
The Hider® is a run-time library that your program calls during initialization. It randomizes strings of your choosing, including window names, application names as they appear in the Task Manager, and other strings. It also comes with The Launcher® which will copy your program to a random file name, encode it and add a decoding module, and run it from there.
This program enables your program to hide from "detectors" such as the infamous Sony 2005 Rootkit.
The developer's license prohibits the use of The Hider® and related programs in DRM applications, viruses, and other malicious software. Violators will be prosecuted under the DMCA and other laws.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Heh, it's OK. I should've nuked the first comment the very moment I realized it was wrong, not after getting submitted to slashdot. I didn't realize I could do that since I only created blogger.com account to post to Mark's blog and was totally unaware of any features it had :o
:)
Oh well, all publicity is good publicity, even if it makes me look like a jerk for a day
-- Matti Nikki
So, for the price of a certain Sony Music CD, I get a fully functional rootkit installation (on the cheap!) that I can exploit for any nefarious purpose I choose!
I can see it now..
Hey Bob (you $#@%), can I use your computer to listen to my CD while IT fixes mine over lunch! I promise not to mess-up your icon arrangement (oooooooooh).
I call this sweet^10!!!
Tell me more about your rootkit for Mac. So, say you duped the user into manually running a program on your CD rather than just importing it directly from iTunes. How are you going to install device drivers or hide your process from detection with access only to user's home directory? If you do find and exploit a new privilege-escalation hole, you are going to jail because you obviously hacked user's computer rather than just using a standard mechanism.
He is responding to the parent. This is certainly flamebait, but NOT OFFTOPIC. RTFModeratorGuidelines.
"where words meet intent, lies rhetoric's lament"
At what point does Amazon start to pick up liability for selling a known defective product without adequate disclosure? If I buy the CD- and Amazon has been warned that the product is defective and likely to damage my computer- are they also a target of the inevitable class-action lawsuits that will follow?
In other words, a geek-only boycott is unlikely to have any effect on Sony- there are way too many Britney Spears fans out there to sell to. If Sony's distributors are warned off of selling defective, damaging product- and there is legal evidence that they knew about the problem and sold it anyway- they will also face monetary damages. This seems to be the quickest way to get these trojans off the market.
What a strange bird is the pelican, his beak can hold more than his belly can.
No, I mean it. I'm through with them. Not for a month or a year. Forever!
On se Internetz nobody noes your German.
Kinda offtopic (I blame /. for not having any metaforum), but those Updates of the story are very welcome and brings back fond memories of editors not just copy-pasting the stories without checking more than that the link works.
GJ hemos
Sony offered to unmask it so that we can see it's there, but how do we remove it? How do we even know it's there? I want this shit out of my life! Sony you Bastards!
Generation Trance: What generation are you?
Although you have to admit, a RootKit plus Tunes for only $14.99 is quite a bargain. Especially one as well documented as this one is turning out to be. How long before the OSS version is released?
Has DRM ever contributed to the sale of another CD?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
We refuse to buy anything Sony! Anything! Except those Blu-Ray DVD sets of Sailor Moon and those MacIntels with Blu-Ray RW drives! /it's a joke, waste your mod points elsewhere
"Made up/misattributed quote that makes me look smart. I am on
I'm pretty sure that there is a $50 limit on credit card purchases made without a signature, that you make just by swiping the card through a reader.
A lot of gas stations I've been to have signs that say you need to reset the pump and reswipe every fifty dollars (which can mean several times, if you're filling the tank on a large truck or RV), or alternately can come inside and pay there and do it in one shot. I think the difference is that by going inside, you leave your card and have to sign the slip to pay, while outside you just swipe.
That's the best theory I had for it anyway: the CC companies would prefer that people not be able to spend hundreds of dollars without any sort of authentication (even though the signature checking is pretty minimal these days anyway). Maybe they think it cuts down on fraud.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
If you or anyone you know has purchased a compact disc with the XCP2 copy protection program (apparently most of Sony's releases since August 2005) and played or attempted to play the compact disc on a Windows personal computer, you may have a claim against Sony and other parties. If you would like representation in this matter, please contact me at:
I think you could, if the ISO supported multiple tracks / sessions. I mostly use Toast's disc image format, not ISOs, because I only ever keep images for my own use and generally just temporary storage, and it handles these things just fine.
This isn't one of those CDs with anything really exotic going on where they've messed with the Red Book spec (at least that I have heard of), basically it's just an audio CD with a data track, and on that data track is the rootkit installer, set up so that it autoruns when the disc is inserted (unless of course you have autorun disabled, as you should). So there's no immediate reason why I can see why you couldn't copy it using a regular imaging program -- unless the rootkit has already installed itself on your system and prevents such programs from accessing the drive, that is.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
i'm just waiting for congress to act when someone tries to listen to some music at work and sony invades us government computers with their software, which would be a federal crime...and result in sony being fined and potentially be the subject of hearings.
its shown on their catalog.
and I don't think there's jack shite that any US company can do to the russians.
I auditioned (free 8k mono download) the cd in question and the music DOES suck pretty badly. but it was interesting to note that they did have it, already, in their catalog.
until the music biz plays fair, I refuse to buy standard RIAA/MPAA content. I just won't.
--
"It is now safe to switch off your computer."
The installer list has iTunes Pro on it, that comes as a bit of a surprise to me. iTunes Pro is the app used by Apple to add music to the iTMS. Sony wants to prevent consumers from running this app or to prevent Apple from adding those CD's to the iTMS? What would the point of this be?
Weird.
Cwm, fjord-bank glyphs vext quiz
If you or anyone you know has purchased a compact disc with the XCP2 copy protection program (apparently most of Sony's releases since August 2005) and played or attempted to play the compact disc on a Windows personal computer, you may have a claim against Sony and other parties. If you would like representation in this matter, please contact me at: LAWYER ADVERTISEMENT
You have guaranteed that I will never purchase any hardware, software, or music made by you or your affiliates again. You have also guaranteed that I will do my best to make all my friends and family members do likewise. I will also put up a banner on my website telling everyone who goes there to never buy from you again.
Congratulations you fascist pricks!
What sort of "legitimate application" needs to be hidden using a rootkit? What sort of definition of legitimate are they using, anyway?
Second favorite part:
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
In the past, while working on a friend's infected laptop, cleaning out malware, I took down the names of some of the installed junk, and in frustration, I reinstalled the OS, and created 0-byte files with the same names as the spyware files, then I set them to read-only, and permissions only to the SYSTEM and a dummy admin user account. For the past year or so, she hasn't had nearly as many episodes of needing me to clear off her system. Part of that may be because of the copy of Spybot Search and Destroy, Norton, and the fact that she now uses Firefox.
But creating an 0-byte Aries.sys stub, making it read-only, may prevent the installation of the real-deal.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Hey, if the lists are used to stop us from ripping by detecting the name of the executable, why don't we just use an open source solution, and change the name prior to compilation? That way, anyone can make their ripper be called anything so it won't be detected. Is it that simple, or am I misunderstanding the situation?
The autoplay menu is the only way I can get Civilization IV to run, otherwise it fails the copyright test.
I have autorun disabled, so I need to browse to it, but if it was gone I would be sad.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Another approach would be to install hooks into the API functions for playing a CD and browsing the filesystem above the kernel level. This would be easier to detect (simply invoke the system calls directly, rather than via a userspace API), but probably as effective.
You could probably persuade users to run the software by putting an HFS+ session on the disk first so iTunes wouldn't see it as an audio CD, and putting the application on this session with the same icon as a Finder uses for CDDA tracks - or simply use the auto-install feature (which would prompt the user for confirmation, but how many people would click no?)
I am TheRaven on Soylent News
Well, fuck, if you're using open source software anyway, rip the damn thing under Linux, and avoid the rootkit altogether.
I've upped my standards, so up yours.
I do have to agree with your comments. I agree that other OS's can have software added in bad ways. What I would prefer to see is that the OS's that I run, never allow any install to occur without me personally OKing the operation. Maybe that would be obtrusive, but that is what I would wish.
My mac does this... Anything requiring admin privs asks for the admin password.
'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession. I also have a right that allows me to make backups - be it recording onto cassette, ripping to my ipod, making a backup/mix CD, whatever - it's perfectly legal, and ICL recognises that. It's wrong for me to *Distribute* any of those copies I make, but not to make them. That's the distinction. Also, there is no contract. A contract has to be presented BEFORE the item it is attached to is given/sold/leased/whatever. To attach terms to a sale after the sale is made is simply deceit - I don't know about the U.S, but here in the UK it is actually ILLEGAL for a company to attach terms in that manner. Hence, Sony's EULA is in no way binding. The only protection the CD has is Copyright law. As long as the purchaser remains within the law's fair use constraints (I.e, not re-publishing it), there is nothing unethical, or illegal taking place. Unless you live in the USA with its shitty, overly-broad DMCA.
Why the fuck is this under GAMES, idiots...
The idea behind AutoPlay, which originated concurrently with the first DirectX SDK, was to make the PC work more like a game console. When you wanted to install a new game, all you'd have to do would be to put the CD in the drive. At the time, gaming was a critically-important thing for the Windows 95 group to get right, because it was where most of the compatibility and performance issues were showing up. There was a genuine desire to make Windows 95 games as user-friendly as possible, and that's all anybody was actually trying to do.
It was a reasonable, if not exactly earth-shattering, idea at the time. Nobody at Microsoft (I was working in that group as a contractor) foresaw that the feature would be misused like it's being misused now. It simply wasn't a reasonable thing to anticipate. ("Gee, Alex, you think maybe in ten years the world's largest media companies will corrupt the Red Book CD Audio specification to use our new feature as a means of distributing rootkit trojans that will be illegal to remove?")
As a developer, if you had to think that far ahead, and speculate that wildly about how your code could be misused, you'd never have the guts to implement anything. (Besides, 'security' and 'physical access to the machine' are contradictions in terms. AutoPlay is not a security risk.)
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Looking through the CD titles this comes with, some of them are appropriately named:
Nothing Is Sound - Not once you try to remove the software
Life In Slow Motion - Don't you just love spyware?
Unwritten - and unripped
Suspicious Activity - sums it up nicely
Unfabulous And More - quite unfabulous
Healthy In Paranoid Times - Funniest of the bunch
The Invisible Invasion - nice description of the spyware
Phantoms - hidden software
Change It All - Your CD-ROM drive, your Windows install
Broken Valley - If you call your Windows PC "Valley" (okay, it's a stretch)
and the most appropriate title of the bunch:
Get Right with the Man
But why is the rum gone?
All your pr0n are belong to us.
If it weren't for deadlines, nothing would be late.
This 'rootkit' sw is actually a pretty useful program. Worth the price of a CD itself.
Just my luck, when I make it to slashdot it's something I've analyzed wrong. I tested to rename my ripping software to begin with $sys$ and it ripped it fine, but apparently something else was the deciding factor. I can't reproduce that effect!
Too late. This is the kind of falsehood which will become true merely by repetition. It is too good a story not to tell. You will see it repeated over and over on site after site. Occasionally people will try to follow up with corrections but they will never get the attention that the original false report got.
"A lie can travel halfway around the world while the truth is still putting on its shoes." - Mark Twain
Why is this in the Games section?
Because the majority of people are stupid. The masses will still buy this. So for Sony, they'll still see profit, which means they won't see a problem.
We have to protect the stupid and do something about this. Passive Aggression a la boycotting products will never be enough, we have to go on the offense and bring numerous lawsuits. Maybe the insurance company will drop Sony/raise prices? If we do this enough, Sony will have to do something. If we simply don't buy the products, Sony doesn't have to do _anything_ as long as they are making a profit. The main reason boycotting won't work is because Sony knows what we're thinking. They know we'll come back and buy their products if they make them decent again. So really this is a win/tie situation for them, with no loss. The only way we can make them lose is if we force them to change.
It is rip-able (see cdrdao), but it isn't a file system. It's a standard for laying out audio tracks on a CD. It encapsulates a single session, with up to 99 audio tracks, no data tracks and a table of contents at the end. No CD-TEXT or weird stuff in the subchannels, no track start/stop times that overlap, and no hidden data in the lead-in.
In any case, the CDs are not Red Book. They are Yellow Book (data track + audio tracks).
And for the record:
Red = Audio Only
Yellow = Data + Audio tracks (data tracks are specifically covered by ISO 9660)
Orange = Yellow book with CD-R and CD-RW provisions (this is the format of most burned CDs)
Blue = CD-G/Enhanced CD. Multisession with audio in one session and data in the second session. Appears as strict Red Book to audio-only players, and as strict Yellow Book to computers that can't understand multiple sessions.
Green/White book = CD-i and video CD (XA mode 2 with MPEG-1 encoded in raw sectors on the CD). Precursor to DVD-Video.
Beige = Kodak Photo CD (!)
As a favor to any future possessors of a trojaned disc.
1. Locate physical position of code on CD, it is assumed to be in the same place on every "protected" CD.
2. Create a jig with a nail or some other method of defacing the disc surface and preventing the program from ever being copied from the CD.
3. ???
4. profit!
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
Web-form for comments to Sony Music is here ->
http://www.sonymusic.com/about/feedback.cgi
Also the snail mail address is given as well:
Sony Music Online Services
550 Madison Ave, 24th Fl
New York, NY 10022-3211
Let's put the /. effect to good use!
-- Experience is a wonderful thing. It enables you to recognize a mistake when you make it again.
...now that Sony has solved the piracy problem, the cost of CDs can be reduced! Right?
F-Secure's Mikko Hyppönen has said that the Sony DRM, when run on Windows Vista "breaks the operating system spectacularly". Imagine 5 years from now, someone pops a Sony disc and puts it in his/hers/dads computer and wham, the Vista operating system crashes. Great, who to blame? It doesn't really matter if Sony makes "better" version for the newer cd's, are they going to upgrade all the existing cd's also? These cds are going to be around for a long time and it seems that they are designed only for Windows XP!!
The truth or interpretation..
Holy Crazy Conjugations, Batman!
I'm sure these artists are all under contracts signed in blood, something like "Sony is Thy god to whom I will only speak highly" but artists like Van Zant, etc are going to lose TONS over royalties here! Just look at Amazon's product page (http://www.amazon.com/exec/obidos/tg/detail/-/B00092ZM02/qid=1131393629/sr=8-1/ref=pd_bbs_1/103-0426397-0537404?v=glance&s=music&n=507846/), comment after comment about the rootkit. If I was an artist, I would be PISSED!
lets pirate all their shit from now on.
That could come later
Any word from the band van Zant? I am really interested in their reaction. As I see it, because most consumers are ignorant or do not really care about the whole DRM business, only the artists have the power to change the course of record companies. What if Van Zant came out on MTV and said that they're really pissed about Sony adding this crap to their CD, apologise to the fans and announce a switch over to a different record company?
How about this message getting picked up and someone like Eminem taking a stand against DRM during the MTV music awards?
Someone checks out a cd from the library and decides to listen to it on their home pc, you are only borrowing the cd but it autoruns... If you have multiple pc's with different IP's and MAC addresses but you have listened to it on each of them... Aren't these two scenarios giving Sony a false positive on cd duplication?
'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession.
First of all, IANAL. Now that this has been stated, although I disagree with the music industry, I am tired of crap like this being posted. Fair use is not a legal right, it's a set condition under which you can't be prosecuted. The Fair Use doctrine states that although illegal to make copies unless you are the copyright holder, you can get away with it if you qualify under X, Y, or Z.
In addition, the 'Fair Use' doctrine is U.S. Copyright Law. It is not international copyright law. This is why iTunes is technically illegal in Australia, because it can copy cd's. Although most countries have a similar exception to the copyright law, Fair Use is by no means International Law.
Other than that I must say, I hate how the entertainment industry is screwing with my rights. I think we all need to educate ourselves better with what is going on, so that we may better fight this bullshit. It's blatantly obvious that our Government does not have the best interests of its citizens in mind while passing these laws. Hell we are still stuck in the middle ages of art because nothing ever goes back into the public domain anymore.
Can I get an eye poke?
Dog House Forum
Well, fuck, if you're using open source software anyway, rip the damn thing under Linux, and avoid the rootkit altogether.
You do know that rootkits started on UNIX and have plagued Linux for some time now. Luckily Sony isn't targeting us. However these can happen on Linux too, although they are mitigated by the fact that most users do not run as root.
Can I get an eye poke?
Dog House Forum
Looks like the installer list contains the names of most media players, possibly for Sony to survey the market and report back to HQ what media players people have installed. Windows Media Player and Winamp make that list, and I seriously doubt Sony would prevent WMP from playing their CDs entirely - that would just be stupid. It could also be something to help the installer keep MIME type associations straight - maybe so it can return possession of the MIME types to the proper app when it isn't controlling them?
The DRM server list looks more critical and does not include simple players. It seems to be a list of rippers. I might guess that some action like cutting off CD access entirely would occur when a process that matches the DRM list is detected running. Of course, I haven't let Sony root my box yet, so this is all just guesswork on my part. If renaming your ripper EXE doesn't hide it from Sony's DRM server, then perhaps you could try renaming the main window (using reshack or a hex editor or similar on the EXE) since that seems to be the alternative name stored in the DRM list. Also it may check the "original filename" inside the EXE (the one shown on Windows next to the file version number and stuff when you view "properties"), so again you might want to use reshack or a hex editor to change that as well.
Or just edit the magic lists themselves (unless Sony has some sort of checksum on them)
You just can't beat VMWare for speed and features. The memory management alone is worth it IMHO. I love VMWare.
One file system spanning multiple tracks doesn't seem like a good idea, but that is really what is going on.
Sometimes bad things happen.
You do know that rootkits started on UNIX and have plagued Linux for some time now.
Plague is an exaggeration. You can write rootkits for any OS. The major difference is that Windows has a security hole, that will allow any CD to easily install software without the user's knowledge.
What this rootkit does to Windows could be done to Linux as well, and it would have the same negative effects on the system. Between Linux 2.4 and 2.6 it was made more difficult to modify the system call table for the exact same reasons Microsoft made it more difficult when moving from 32 bit to 64 bit.
But even though you could write the rootkit for Linux, it does not install just because you insert the CD. And as long as the rootkit is just on the CD, it does not influence on your ripping.
Do you care about the security of your wireless mouse?
Or maybe just Insightful and Informative, though scary it is.
Sony, like pretty much every other mass marketer of computers preinstalls a lot of software on every system they sell.
Do their latest computers come with a pre-installed rootkit to save me the trouble and expense of going out and buying one and installing it? Because that would be customer service!
Could you use spyware-style masking of the names (EXE and Windows) for Media Players and RIPPERS to hide from the DRMServer.exe??
I'm an IT Admin at a mid-sized corp, and I have to deal with ALL the spyware employees get on their PC on a weekly basis. I've seen A LOT of different types of spyware. One of the worst cases I've had to deal with was when this app, every time it ran, it had a new XXXXXXX.exe in task manager and the name and the same for the hidden window it created. This made it impossible for SpyBot to see it, and even though Ad-aware saw it, it could not get rid of it. I ended up just ghosting the machine with a clean image to fix it.
Could a Media Player and a CD Ripper be made that did the same-style of naming that the evil spyware did to hide from Sony?
What about spoofing results back to Sony HQ to throw off the statistics?
It rather looks like the artists involved (the Van Zants) are somewhat concerned about the kerfuffle .. they are "continuing to gather more facts concerning this".
Okay, this is likely a dupe, but what the heck ...
.. paranoid crackpot leftover from the days of Amiga.
Wadsworth: I'm merely a humble butler.
Col. Mustard: What exactly do you do?
Wadsworth: I buttle, sir.
Col. Mustard: Which means what?
Wadsworth: The butler is in charge of the kitchen and dining room. I keep everything tidy, that's all.
I believe you meant "using Itunes to copy a CD is technically illegal in Australia". Murder is illegal in Australia, but that doesn't mean knives are illegal.
-----
PGP Key ID 0xCB8FF658
Sony's rootkit is designed for windows, autoplay, etc and so on, but you really can't blame Microsoft in this case.
Like hell we can't!
As for autoplay being a bad idea, it is and it isn't
No, autoplay is a bad idea, period. It's a horrific security hole, as this whole Sony rootkit debacle shows.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Right after that I thought... "I wonder how many other people are thinking the same thing right now?"
Then it struck me, isn't Sony just going to kill their CD sales among the Nerd community who know what kind of crap Sony's trying to pull. On top of that aren't they just allowing for viruses to spread among the computer illiterate (by that I mean people who don't pay attention to this kind of thing), they probably won't download the patch... and then, they'll be screwed.
On another note... I hope Sony gets screwed over on this one... maybe they'll be required to change the software.
Right that does it.
I've just sent in some feedback on the some of the forms offered on the Sony website. I've provided links to the blog articles for their information. I also let them know:
- I will not be buying any Sony products in the foreseeable future
- I will be emailing friends, acquaintances and family explaining what is occurring and recommending a boycott of all Sony products.
I recommend that others do the same.
FWIW, the text of the email I am sending out is:
A furore has erupted online recently over some software that Sony has
shipped with some music CDs.
Effectively in an attempt to stop people from copying CDs to their
computers, Sony CDs will install some software onto your computer when a
music CD is first put into the drive. This software alters Windows in a
way that makes it less secure. It also hides itself and is next to
impossible to remove. Also each time a CD is put into the drive it
"phones home" to Sony to tell them what CD you are playing.
There are many concerns with this. In the first place it is not clear
that software is being installed on your machine when the CD is
inserted. Secondly it is deceptive by hiding the software. Thirdly no
means of uninstalling the software is provided. Finally there are
privacy concerns with software that tracks how you use your computer.
One week after this was revealed, Sony has failed to respond to these
concerns.
I am writing to recommend that you boycott all Sony products. The Sony
family of companies are:
- Sony
- Sony BMG
- Sony Ericsson
- Sony Computer Entertainment
I also suggest that you take a moment to let Sony know that you are
unhappy with their actions at one of the following feedback forms:
http://www.sonybmg.com.au/misc/contact.do
http://www.sonyericsson.com/spg.jsp?cc=global&lc=
http://www.sony.com.au/support/contactus/contactU
For further technical details on how the Sony CDs operate:
http://www.sysinternals.com/blog/2005/10/sony-roo
http://www.sysinternals.com/blog/2005/11/more-on-
meh
It's a horrific security hole, as this whole Sony rootkit debacle shows.
Horrific security holes don't usually take ten years to become apparent, do they?
Blaming Microsoft for this is like blaming a woman in a short skirt for being raped.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Horrific security holes don't usually take ten years to become apparent, do they?
It didn't take ten years for the autoplay vulnerability to become apparent, either. Apple remedied that mistake as of the first developer preview of OS X, about five years ago. What's MS's excuse?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
What about spoofing results back to Sony HQ to throw off the statistics?
Yes. In fact, if someone wrote a script that mimics the rootkit with regard to talking to Sony HQ that just spits out random bogus data, I'd run that script all day (after getting a programmer friend to check it for malware).
It's our duty to poison phishers' and corporate data harvesters' databases.
You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
This is so true and really worth keeping in mind whenever you return something. If you are returning something which is defective and the store cannot replace it with a non-defective item then they'll refund your money - it's not worth their while doing anything else. Case in point I returned two defective toys on the weekend to a local department store and asked for replacements which they couldn't supply as they were out of stock. The shop assistant then offered to give me gift vouchers instead of a refund. I refused and said I wanted non-defective toys. She said it was store policy to give gift vouchers and not refunds. I then asked if it was store policy to sell defective goods and not give refunds. At this point she gave me my money back. Shame was I really wanted the toys for my friend's kids and now I'll have to look elsewhere for them.
From http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.aries.html
WARNING: Removing this security risk manually may damage the compromised computer's operating system and may violate the manufacturer's end-user license agreement.
Symantec Security Response strongly recommends installing the software update provided by the manufacturer
Isn't that wonderful? "Removing this security risk may violate the manufacturer's EULA"
Yes, I would hate to do something illegal. I think I'd much rather install the *new* version of their spyware instead
Even in my book, feeding ergot to pointy haired bosses and marketroids sounds a bit harsh:-
Ergotism struck the peasants and killed thousands of people. It was called Holy Fire because of the burning sensations at the extremities from gangrenous ergotism. The people suffered from swollen blisters, rotting flesh, and loss of limbs.
(Yeah I know what you meant)
Plague is an exaggeration.
Maybe now, but early Linux distros had no firewalls by default and didn't ask you to use a non-root account. Newer distros force the issue a lot because of this. Gone are the days when telnet was started by default. I helped quite a few newbies rebuild their system after getting both rooted and having root kits installed.
The major difference is that Windows has a security hole, that will allow any CD to easily install software without the user's knowledge.
No, the major difference is that Windows users are always running as 'root'. If this autorun executed as a regular user, we would have no problem.
Can I get an eye poke?
Dog House Forum
(This is your fnord speaking) Muzzy's theory is actually correct. However he was contacted by RIAA soon after making that post, and forced under the DMCA and various other four-letter acronyms, to distance himself from his earlier comments or face a lawsuit.
Uh. No. iTunes can be used to perform actions that are illegal (copying cds), but since when has this made the product used automatically illegal?
Actually yes. I may have been mistaken about the AU law, although I did read that from an Australian Lawyer's post on Slashdot. I do know that they do not have a fair use doctrine.
However there are many examples where things are deemed illegal if their primary use is illegal. For example Grokster, Napster, etc. In Australia there was no iTunes Music Store up until recently and Apple's iTunes ad does say "Rip, Burn, Mix".
Can I get an eye poke?
Dog House Forum
I believe you meant "using iTunes to copy a CD is technically illegal in Australia". Murder is illegal in Australia, but that doesn't mean knives are illegal.
Weren't you paying attention about when the Grokster case came to a close? Grokster was deemed illegal because its primary use was copyright infringement.
Now don't you think a country that has no Fair Use law might have made it illegal for iTunes?
Can I get an eye poke?
Dog House Forum
It is possible to create a kernel module that intercepts system calls on OS X. Any admin user can install a kernel module - and most users are accustomed to entering their password when installing.
They are not, however, accustomed to entering their password when playing an audio CD.
but early Linux distros had no firewalls by default
No matter what problem you are trying to solve, there is always a better solution than a firewall.
didn't ask you to use a non-root account.
Red Hat Linux 6.0 warned me when logging in as root.
Gone are the days when telnet was started by default.
Having telnet open is in itself not a major problem. But of course if you use it, you will send passwords in cleartext. Like any other software, it must be kept updated. I don't remember exactly when Red Hat started making updates easily available.
If this autorun executed as a regular user
It would still be a security problem, but not as bad as it is now.
Do you care about the security of your wireless mouse?
Windows Vista has a partial solution to this. When you insert a CD, it asks you what you want to do with it. You can run the autorun script, or load it directly in Windows Media Player (which effectively bypasses the protection). Or do nothing and run your favorite ripping program.
It is a felony for someone to tell you how to remove it, or how to avoid installing it. Hence the "Post Anonymously".
What greatly disturbs me is that the Sony DRM is permanent. If you completely format your hard drive to start over, you are still committing a felony. The DMCA makes no distinction.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Others have said 'Don't steal it', but here's my singular argument for not stealing it:
1) You steal it from store.
2) Store makes insurance claim.
3) Insurance company reimburses store.
4) Store buys more stock of DRM chained CD-like objects from Sony.
You have just VOTED for Sony's DRM. Happy yet?
Yeah, I know, there's never going to be a claim on just one CD stolen. But that's not the point - over the course of a year, their inventory system will include whatever DRM encumbered CD-like objects people have stolen. Stealing one just adds an argument for DRM to the business model, and tells the store that it's an in demand item to boot.
Don't steal this. Have no truck with these DRM encumbered CD-like objects. If you do, it will just encourage them. </$0.02>
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
I forgot to check "post anonymously".
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Sure I won't buy another Sony CD as well.
but early Linux distros had no firewalls by default
No matter what problem you are trying to solve, there is always a better solution than a firewall.
Who said anything about using firewalls as solution to problems? We were talking about system security. Security is best done in layers, and a firewall is a good layer to have.
didn't ask you to use a non-root account.
Red Hat Linux 6.0 warned me when logging in as root.
Try further back. I started with Linux on Yggdrasil, but automated malware wasn't that big of a deal then. It started becoming a real problem around the time RedHat 4 was released, which originally configured sendmail as an open relay.
Gone are the days when telnet was started by default.
Having telnet open is in itself not a major problem. But of course if you use it, you will send passwords in cleartext. Like any other software, it must be kept updated. I don't remember exactly when Red Hat started making updates easily available.
Because telnet was enabled by default, people didn't realize that this was such a bad thing. It's the same reason so much crap comes into Windows machines via IE. In addition, it's the reason we are having this conversation. Autorun can be disabled, it's just a bad default! Bad defaults lead to bad behavior in uneducated users.
If this autorun executed as a regular user
It would still be a security problem, but not as bad as it is now.
Bad defaults are bad defaults. Red Hat used to do it, see:
http://mirrors.kernel.org/redhat/redhat/linux/7.2
Can I get an eye poke?
Dog House Forum
Try further back.
Back then I was using AmigaOS.
Because telnet was enabled by default,... Autorun can be disabled,
Are you trying to compare telnet and autorun? Telnet is not nearly as insecure by design as autorun. If telnet is enabled and the user doesn't do anything about it, it will just sit there idle doing no harm. Autorun OTOH will act autonomously once a CD is inserted. Autorun is insecure by design.
Red Hat used to do it
Yes, even Red Hat makes mistakes. I'm not sure if it was by default configured as insecurely as it was the case on Windows. As soon as I found out about this feature's existence on Red Hat Linux, I started uninstalling it on all my machines. (Yes, you can actually do rpm -e autorun). The autorun in Red Hat Linux was something running under KDE and Gnome. As long as you were not logged into one of those environments, there would be no autorun. Logging in as root in a VT was safe.
Do you care about the security of your wireless mouse?
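The autorun behaviour debated in the comments above is driven by an `autorun.inf` file in the root of the disc. As an added example (not part of any comment in this thread), this Python script lists the commands such a file would launch, so a disc can be inspected on a machine that does not honour AutoRun; the sample file content and every file name in it are constructed.

```python
# Added example: list the commands an autorun.inf would launch.
# SAMPLE_AUTORUN_INF is constructed for illustration, not taken from a real disc.

EXEC_KEYS = ("open", "shellexecute")  # keys AutoRun acts on when the disc is inserted

SAMPLE_AUTORUN_INF = """\
; constructed sample
[AutoRun]
OPEN=setup\\player.exe /silent
icon=player.ico
label=Audio CD
shell\\install\\command=setup\\install.exe
shell=install

[Other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section (names are case-insensitive)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(text):
    """Return (trigger, command) pairs for every entry that names a program."""
    entries = parse_autorun(text)
    found = [("insert", entries[k]) for k in EXEC_KEYS if k in entries]
    default_verb = entries.get("shell", "").lower()  # verb run on double-click
    for key, value in sorted(entries.items()):
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            trigger = "double-click" if parts[1] == default_verb else "menu:" + parts[1]
            found.append((trigger, value))
    return found

if __name__ == "__main__":
    for trigger, command in launch_commands(SAMPLE_AUTORUN_INF):
        print(f"{trigger:14} {command}")
```

Icon and label entries are ignored because they do not start a program; entries outside the `[autorun]` section are ignored because AutoRun does not read them.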
Microsoft could not exist without its core - MS DOS - this is a rip off of QDOS - invented long before MS DOS and better at the time. MS ripped them off and used a marketing machine to do the rest. The inventor of QDOS is thought to have gone into depression over this. You can always check the Wiki. Anyway, you are right MS has always had leadership but their leadership would lead nothing without the innovation. The question is do you support innovation or marketing first...?
Try further back.
Back then I was using AmigaOS.
Then you have no opinion as a Linux user for the time period I am referring to. Gotcha.
Because telnet was enabled by default,... Autorun can be disabled,
Are you trying to compare telnet and autorun? Telnet is not nearly as insecure by design as autorun. If telnet is enabled and the user doesn't do anything about it, it will just sit there idle doing no harm. Autorun OTOH will act autonomously once a CD is inserted. Autorun is insecure by design.
I am comparing bad defaults in two OS's. Bad defaults do in fact encourage bad behaviour. I am saying that both are bad defaults that encourage bad behaviour. I am not saying that telnet is as bad as autorun. As another example, a year ago most access points were wide open. Today most access points I see are WEP enabled minimum. My wrt54g was secured with wpa by default!
Red Hat used to do it
Yes, even Red Hat makes mistakes. I'm not sure if it was by default configured as insecurely as it was the case on Windows. As soon as I found out about this feature's existence on Red Hat Linux, I started uninstalling it on all my machines. (Yes, you can actually do rpm -e autorun). The autorun in Red Hat Linux was something running under KDE and Gnome. As long as you were not logged into one of those environments, there would be no autorun. Logging in as root in a VT was safe.
It's still part of the default install in Fedora. The reason it's not that big of a problem is that regular users do not have the power to shoot the system in the foot. It can be disabled easily in Windows too. The problem here is that most Windows users run as Administrator, plain and simple. And a lot of that has to do with the fact that Windows is hard to use for non-admin newbies. Linux is structured by default in that manner.
Can I get an eye poke?
Dog House Forum
This seems like a great opportunity to educate the masses about DRM and generate a bit of a blast against Sony. I have sent an email, with a link to the relevant articles, to our IT division. I suggested that they send out a short email to the effect that they know that many people listen to music on their PCs, but until this is resolved it is expressly forbidden to place a Sony CD in a work machine, put a Sony CD in any machine with dial in access to the work network, and especially forbidden to install software of this type. Unless this software is removable, and it is clearly known what it does and does not do - including interfere with other software, then it appears to pose an unacceptable security risk.
I also suggested that they make it clear in very simple terms that CDs from other labels are still OK, and that it is a sound idea for people to not put Sony CDs in any home computer as well.
It seems to me that slashdotters are likely to disproportionately occupy positions of technical influence in their workplaces, and that if many of us do this we will make lots of people that would not otherwise care aware that there is a big hairy problem here. If enough of us do this, we should be able to make the bastards feel some heat!
NB: I am also crafting an email to Sony telling them what I have done. Why not do the same as well, make 'em squirm!
Who's to say that Nelson isn't laughing about his new $sys$ camo t-shirt?
Get your $sys$ camo tees now!