Sony, Rootkits and Digital Rights Management Gone Too Far

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Regards - Charles

 

This is outrageous and almost beyond belief.
I’ll make sure none of my hard earned cash goes to Sony again.
Thanks for the heads-up Charles.

 

it will be fun to see how this turns out. still hasnt gotten picked up by msnbc/cnn type news outlets, but its one slow news cycle from getting some strong press. Boy oh boy will it be fun to watch the marketing weasels spin it when it does.

I'm really curious how mark is able to get away with that, i'd never be able to post that kind of stuff, the legal department keeps a special furnace stoked to burn that kind of stuff, thats why theres no joeblog
-----
This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers
http://updates.xcp-aurora.com/

 

http://secunia.com/advisories/17408/



Then as of 11/02:

http://news.com.com/Sony+to+patch+copy-protected+CD/2100-7355_3-5928608.html?tag=nefd.lede

Regards - Charles

 

It’s on the BBC website and I just found it on their TV News24 interactive service.
http://news.bbc.co.uk/1/hi/technology/4400148.stm

 

Thanks McTavish for the reference to the beeb

I've been waiting for this to hit the large news outlets and like Joe really curious how this will be spun.

As an aside for anyone that's interested on how to prevent the software from installing: from my reading, having autorun on or off is irrelevant (if you're not aware of the software), playing the disc does the install. This can only be installed on a system with Admin rights, anything less will trigger a request to change user, provided very conveniently by the Sony software.

The other way is to use process control software such as ProcessGuard or System safety Monitor which intercept executions and asks for permission.

Regards - Charles

 

As most of us, Sony's wake-up call rings loud and clear ..
I'm the good guy, trust me... "said the spider to the fly ".
With the playing field jaded with such irresponsible activity the user is forced again to review security and the cost(s) to implement it.

 

(with apologies for missing this thread when I posted earlier today)

here's the other BBC article - a couple more points, including Philips' attitude (these are "music delivery systems ", not Compact Discs, so cannot carry the CD logo)

one way would be to avoid putting lookalike discs (without the CD logo) into your machine but soon, the way things are going, that option will severely limit your choice of music...

I found the points about Macs and Linux interesting too.

==

If you put "sony van zant CD" into Google you currently get MR's Sysinternals blog, top of the list - put "van zant CD" and MR's blog is still only 3rd result down

best wishes, HJ.

 

More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home

http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html


Security-spooked Users Slap Sony CD On Amazon
By Gregg Keizer, TechWeb News

http://www.techweb.com/showArticle.jhtml?articleID=173403155

Regards - Charles

 

Hi Dennis,

Certainly agree - thats what makes this particular case so troublesome.

My take on "good" guys in other ways is not very complimentary.

One of my neuralgia points is software that installs startups when not necessary and this IMH does "damage" over the long run because that slows the system down, creates potential conflicts, and makes the "upgrade" treadmill that much faster. This is really myopia on the part of software vendors who seem to have no compunction about cluttering up systems w/o regard of the consequences to the user.

Most people, judging from what I've seen and read here and elsewhere aren't aware of it, what they are aware of - my system is slow or some other conflict caused problem which can very subtle and hard to diagnose. Even if they are aware of it, aren't sure what to do about it - would it be harm full to stop them, where to get the info, it won't stay disabled, not listed in msconfig, etc?

A classic case, a friend purchased a new HP printer. Of the five startups - four were totally unnecessary, and disabled them. The functions that were disabled are executed as soon as needed anyway. I've got a Dell printer/scanner, same deal, the scanner "Button manager" is a startup, and to add insult to injury, not accessible thru msconfig, had to use autoruns to disable it.

Regards - Charles

 

For everybody's FYI: what rootkits are and how they work:

Windows rootkits in 2005, part one

http://www.securityfocus.com/infocus/1850?ref=rss

Regards - Charles

 

Computer Associates has declared Sony's DRM Rootkit as spyware.

http://www3.ca.com/securityadvisor/pest/collateral.aspx?cid=76345

Regards - Charles

 

There evidently is a trojan out now that uses the Sony Rootkit to hide itself. Just as Mark Russinovich predicted, of course.

A partial list of Sony CD titles with the Rootkit include:
(according to -> http://www.eff.org/deeplinks/archives/004144.php )

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

Several other Sony-BMG CDs are protected with a different copy-protection technology, sourced from SunnComm, including:

My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album

This is not a complete list.

I've also read that some high performance game machines CD/DVD's can be 'disconnected' from windows on a reboot after rootkit infection.

Nasty - Nasty

 

Yep, and here it is:

http://news.bitdefender.com/NW193-en--First-Trojan-Using-Sony-DRM-Detected.html

Regards - Charles

 

And the first round of lawsuits.

http://www.afterdawn.com/news/archive/7016.cfm

 

Sony to Suspend Making Antipiracy CDs

http://www.wjla.com/news/stories/1105/277015.html

A senior Homeland Security official at Security Fix:

http://blogs.washingtonpost.com/securityfix/2005/11/the_bush_admini.html

Regards - Charles

 

Removal tool from Symantec: http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.first4drm.html?Open

Regards - Charles

 

Based on the following blog entry from the Microsoft AntiMalware Engineering Team, Microsoft will also treat the rootkit component of this as malware and will provide detection and removal in its tools, including the monthly Malicious Software Removal Tool.

Anti-Malware Engineering Team

We can only hope that Sony suffers financially from this poor decision.

Steph

 

With Class Action lawsuits in California and New York and probably some others a little later, I think they will be seriously stung.

With additional loss of revenue from those of us who plan to avoid their stuff, they will be hurt even more.

What I haven't read is that anyone plans to go after the folks that wrote this abomination for Sony and then compounded their mistake by turning some poodle puppy programmers loose to attack Dr. Mark Russinovich and his findings. At a guess, he has forgotten more than most of them have learned.

 

http://www.dslreports.com/forum/remark,14783731~days=9999

SONY throws in the towel ... for now.

This is a ongoing thread at dslreports - in which the big news is this:

Kevin McAleavey of BOClean has determined that

If this indeed turns out to be the case, Sony is truely s c r e w e d because their only legal defense is the EULA.

So it is very important that everyone turn off autoplay, which was always a good idea anyway, but this sort of thing makes it imperative.


Another thread at dsl on the legal ramafications of trying to remove not only the rootkit but also the other components, among which are "phone home" and CD filtering software that the Rookit intalled, that the current providers of "removal" tools are not supplying because of DCMA legal implications: Microsoft will wipe Sony's 'rootkit' and more http://www.dslreports.com/forum/remark,14802823~days=9999

Regards - Charles