WTF ... IS WTF!?
We are a collective of people who believe in freedom of speech, the rights of individuals, and free pancakes! We share our lives, struggles, frustrations, successes, joys, and prescribe to our own special brand of humor and insanity. If you are looking for a great place to hang out, make new friends, find new nemeses, and just be yourself, WTF.com is your new home.

Sony music CDs install root kits in Windows; removing it kills Windows

Jung

???
Premium
13,970
1,391
487
#1
http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
More fun with digital audio
By Andrew Orlowski in San Francisco
Published Tuesday 1st November 2005 10:25 GMT
Get breaking Security news straight to your desktop - click here to find out how

Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs: which he bluntly calls a 'root kit'. Using conventional tools to remove Sony's digital media malware will leave ordinary users with Windows systems unable to play CDs.

While the Sony CDs play fine on Red Book audio devices such as standard consumer electronics CD players, when they're played on a Windows PC the software forces playback through a bundled media player, and restricts how many digital copies can be made from Windows.
Click Here

A 'root kit' generally refers to the nefarious malware used by hackers to gain control of a system. A root kit has several characteristics: it finds its way onto systems uninvited; endeavors to remain undetected; and then may either intercept system library routines and reroute them to its own routines, or replace system executables with its own, or both - all with the intention of gaining system level ownership of the computer.

What makes Sony's CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that's useless, and that requires a full reformat and reinstall.

So is Sony bundling a root kit, or is it the latest in a long line of clumsy, and sometimes laughably inept attempts to thwart the playback of digital media on PCs?

We were inclined to the latter - but in practical terms, for ordinary users, the consequences are so serious that semantic distinctions are secondary.

In actuality both, reckons Russinovich. It's a 'root kit' that arrived uninvited, but it's also "underhanded and sloppy software" , that once removed, prevented Windows from playing his CD again (Van Zant's 'Get With The Man') he notes in his analysis.

The Sony CD creates a hidden directory and installs several of its own device drivers, and then reroutes Windows systems calls to its own routines. It intercepts kernel-level APIs, but then attempts to disguise its presence, using a crude cloaking technique.

Disingenuously, the copy restriction binaries were labelled "Essential System Tools".

But the most disturbing part of the tale came when Russinovich ran his standard rootkit-removal tool on the post-Sony PC.

"Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he writes.

Which puts it in an entirely different class of software to the copy restriction measures we've seen so far, which can be disabled by a Post-It note. Until specialist tools arrive to disinfect PCs of this particular measure. ®
And yet music industry execs wonder why people are so reluctant to pay for the privledge of DRM. :rolleyes:
 

tw33k

Theoretical Realist
146
0
0
#2
Love the reply by the CEO:
Mathew Gilliat-Smith, CEO of first4internet told us 'For us this is old news, things have moved on ... These CDs have been out on the market for eight months now, and I think we first should establish that this is not malware, nor was it created with the intention of malware, [the rootkit component] is really just a methodology for hiding files.'
http://www.pcpro.co.uk/news/79491/sony-drm-company-declares-the-issue-old-news.html

A methodology for hiding files. Yeah, who would think there's anything sinister in wanting to hide files on someone's harddrive so deeply they can't be seen or removed except by extraordinary means. I'm sure the rootkit was written so there are no holes or exploits to be taken advantage of by an astute virus writer(Huge Sarcasm there.) A good tip is to turn off the autorun so this malware doesn't get loaded, a better one is to NOT BUY SONY.
 

void

Banned - What an Asshat!
4,126
0
0
#4
so far this rootkit is only on 20 sony cds, the are clearly marked as having 'protection' on the shrinkwrap.

About 20 titles are thought to be using the XCP software and in May 2005 Sony said more than two million discs had been shipped using the technology. XCP is just one of several anti-piracy systems Sony is trying.
http://news.bbc.co.uk/1/hi/technology/4400148.stm
 

leehype

drunk with a jeep problem
2,902
57
112
#5
So, Sony wants people to buy there cd's, and if we do, we have to worry about this shit. I have a feeling that this might make shareware more popular.
 

Boycott

Soul Doubt
1,387
1
0
#7
Aye,
I have a feeling that this would actually make sharing CDs MORE popular, since people wouldn't want to risk finding a bug on it that would install the root kit while they're playing the CD on their computer, or just the fact that it had one on it...

You can delete this part if it comes close to the piracy rules of the forum, but people will just rip the CD image and share that, rather than sharing each individual .mp3... People already do it *shrug*
 

Jung

???
Premium
13,970
1,391
487
#8
Boycott said:
You can delete this part if it comes close to the piracy rules of the forum, but people will just rip the CD image and share that, rather than sharing each individual .mp3... People already do it *shrug*
I think you're completely missing the point of this software, and overestimating the capabilities of the majority of people who download mp3s and/or share CDs.
 

OmegaZeto

Eyeless Pilot
713
0
0
#9
junglizm said:
I think you're completely missing the point of this software, and overestimating the capabilities of the majority of people who download mp3s and/or share CDs.
I believe you are UNDERestimating the ability of "the majority" to learn a new, simple trick to get what they want. Illiterate and half brain-dead they may be, but they already learned how to use iPods and music-ripping programs... What couldn't they learn, given the right motivation and a little time?
 

void

Banned - What an Asshat!
4,126
0
0
#10
yesterday it was announced that there are two pending lawsuits against Sony in this matter.
and then today this..

AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.
When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

http://news.yahoo.com/s/nm/20051110/tc_nm/sony_hack_dc
 

UberSkippy

a.k.a. FuckTheBullShit
7,529
28
142
#11
Yesteray I got bored so I read the Eula for Sony's new disks... quite entertaining.

By simply PURCHASING the disk you accept the Eula... (That's not legal in the US but most folks don't know that... you can't enter a contract without first having the option to review said contract.)

At any rate it's quite funny... if you do anything to the software that is installed you are in violation of the Eula. However you must ALSO keep the software up to date or you're in violation.

So, it's hidden software that you don't know about. But you have to keep it up to date. But doing anything to it violates the terms of the contract.

Essentially, its written in a way that means you will always be in violation of the contract.
 

void

Banned - What an Asshat!
4,126
0
0
#12
maybe a victory for the consumer..

Sony to Suspend Making Antipiracy CDs

Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

http://news.yahoo.com/s/ap/20051111/ap_on_hi_te/sony_copy_protection