Re: Sony BMG installs a rootkit on your PC


"Sporkadelic" (sporkadelic@xxxxxxxxx) writes:
> Sony BMG is getting some well-deserved flames today for its inept and
> dangerous CD copy protection.
>
> Story from The Register:
>
> http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
>
> Blog post with lots of detail:
>
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>
> Are there any classical CDs with XCP copy protection?
>


Here's the important article. I've already written my congressman to
complain that involuntary installation ought to be illegal.

Brendan


Removing Sony's CD 'rootkit' kills Windows
More fun with digital audio
By Andrew Orlowski in San Francisco
Published Tuesday 1st November 2005 10:25 GMT
Get breaking Security news straight to your desktop - click here to find
out how
Sysinternals' Mark Russinovich has performed an analysis of the copy
restriction measures deployed by Sony Music on its latest CDs: which he
bluntly calls a 'root kit'. Using conventional tools to remove Sony's
digital media malware will leave ordinary users with Windows systems
unable to play CDs.

While the Sony CDs play fine on Red Book audio devices such as standard
consumer electronics CD players, when they're played on a Windows PC the
software forces playback through a bundled media player, and restricts how
many digital copies can be made from Windows.

A 'root kit' generally refers to the nefarious malware used by hackers to
gain control of a system. A root kit has several characteristics: it finds
its way onto systems uninvited; endeavors to remain undetected; and then
may either intercept system library routines and reroute them to its own
routines, or replace system executables with its own, or both - all with
the intention of gaining system level ownership of the computer.

What makes Sony's CD digital media software particularly nasty is that
using expert tools for removing the parasite risks leaving you with a
Windows PC that's useless, and that requires a full reformat and reinstall.

So is Sony bundling a root kit, or is it the latest in a long line of
clumsy, and sometimes laughably inept attempts to thwart the playback of
digital media on PCs?

We were inclined to the latter - but in practical terms, for ordinary
users, the consequences are so serious that semantic distinctions are
secondary.

In actuality both, reckons Russinovich. It's a 'root kit' that arrived
uninvited, but it's also "underhanded and sloppy software" , that once
removed, prevented Windows from playing his CD again (Van Zant's 'Get With
The Man') he notes in his analysis.

The Sony CD creates a hidden directory and installs several of its own
device drivers, and then reroutes Windows systems calls to its own
routines. It intercepts kernel-level APIs, but then attempts to disguise
its presence, using a crude cloaking technique.

Disingenuously, the copy restriction binaries were labelled "Essential
System Tools".

But the most disturbing part of the tale came when Russinovich ran his
standard rootkit-removal tool on the post-Sony PC.

"Users that stumble across the cloaked files with a RKR scan will cripple
their computer if they attempt the obvious step of deleting the cloaked
files," he writes.

Which puts it in an entirely different class of software to the copy
restriction measures we've seen so far, which can be disabled by a Post-It
note. Until specialist tools arrive to disinfect PCs of this particular
measure. ®

--


.

Relevant Pages

  • Re: OT: And then they wonder why record sales are down!
    ... > onto your PC to keep you from copying their CDs? ... The hitch comes when you put one in a Windows ... Sony duly assumes you intend to copy it and is determined to ... The Extended Copy Protection (XPC) technique used by Sony was ...
    (rec.motorcycles)
  • Re: Sony PRS-500 Reader
    ... from Sony that they would be released here before the end of 2007. ... The content providers license the books on a territory ... I registered the Reader online). ... another program for Windows called Rasterfarian that'll make the fonts ...
    (uk.comp.sys.mac)
  • RE: Leaving Computer On...
    ... comes out of standby or hibernation mode. ... Those Sony Vaio's are so well made tho and so ... settings that you will have to ask other people about or experiment with on ... Windows turn off this device to save power..." ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: Leaving Computer On...
    ... comes out of standby or hibernation mode. ... Those Sony Vaio's are so well made tho and so ... settings that you will have to ask other people about or experiment with on ... Windows turn off this device to save power..." ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: what is a m2t file and how do i make one to play on blu-ray?
    ... remark that he doubted their customers would know what a root kit was. ... However in the long run Sony has lost my trust. ... I do not purchase any ...
    (alt.tv.tech.hdtv)
Loading