Sony Rootkits your PC with DRM!

Infini

If there ever was a good point for music piracy this has gotta be it.
http://www.theinquirer.net/?article=27349
Seriously I dislike DRM as it is but this is crossin the line IMO!:mad:

Karoma

Please also note thread: http://www.boards.ie/vbulletin/showthread.php?t=318693
(Something as potentially serious as this deserves an x-post though)

Matthewthebig

What does that mean?

Karoma

http://en.wikipedia.org/wiki/Rootkit
It appears that Sony may have included one in a(t least one) legit. CD ..

SolarNexus

heh, sony aren't the smartest lot, are they. I can imagine the board meeting:

"Okay boys and girls, this music piracy stuff is really cutting into our profits, and we wont take it anymore -anyone got any ideas?

(bigwig a) I know, lets sue everyone that downloads from us

(bigwig b) no, that'll never work... besides, sounds like too much like work

(bigwig c) I've got it! we'll punish everyone who actually buys our cds by having the cd install software (without their knowlege) that stops them from playing illegal music. They'll never know what hit them."

Its like music producers get dumber everyday, its probably the only constant in this haywire world.

digitaldeath

This is my biggest concern: It turns out that Engadget (quoting Variety) notes that this DRM is not at all about making the CD immune to piracy.
Instead, its part of a pissing contest between Sony and Apple: Variety writes that "the new copy protection scheme — which makes it difficult to rip CDs and listen to them with an iPod — is designed to put pressure on Apple to open the iPod to other music services, rather than making it dependent on the iTunes Music Store for downloads."

You mean to tell me that this isn't even about P2P and unauthorized downloading? Sony has their knickers in a twist because Apple has been kicking their arses all over the innovation and digital music schoolyard?
So the mature response from a major global conmsumer electronics corporation is to take their ball and go home?

DRM is now being used as a competitive economic weapon -- not as an anti-piracy tool.

As a music consumer, I find this ridiculous. Why I cannot use a legally purchased CD -- because Sony is miffed at Apple for creating the 2000's version of their Walkman -- is beyond absurd. I am very, very annoyed at this.

I wrote to Suncomm to complain about this DRM. Their website encourages people to write to Apple and request them to "Open up their proprietary technology."

Yeah, spare me your lectures. Just because your client failed to create a digital music player and legal downloading store, doesn't mean that I have to get conscripted in your lobbying ploy.

Just tell me where CD purchasers should send their crippled discs back for a refund, I ask them.

UPON RECEIPT, THEY SEND ME AN EMAIL TELLING ME HOW TO WORK AROUND THE DRM:

"If you have a PC place the CD into your computer and allow the CD to automatically start. If the CD does not automatically start, open your Windows Explorer, locate the drive letter for your CD drive and double-click on the LaunchCD.exe file located on your CD.

Once the application has been launched and the End User License Agreement has been accepted, you can click the Copy Songs button on the top menu.

Follow the instructions to copy the secure Windows Media Files (WMA) to your PC. Make a note of where you are copying the songs to, you will need to get to these secure Windows Media Files in the next steps.

Once the WMA files are on your PC you can open and listen to the songs with Windows Media Player 9.0 or higher. You may also play them in any compatible player that can play secure Windows Media files, such as MusicMatch, RealPlayer, and Winamp, but it will require that you obtain a license to do so. To obtain this license, from the Welcome Screen of the user interface, click on the link below the album art that says If your music does not play in your preferred player, click here. Follow the instructions to download the alternate license. PLEASE NOTE: This license is only necessary for playing the copied songs in a media player other than iTunes or Windows Media Player. If you are just trying to use iTunes, simply continue with these instructions.

Using Windows Media Player only, you can then burn the songs to a CD. Please note that in order to burn the files, you need to upgrade to or already have Windows Media Player 9 or greater.

Once the CD has been burned, place the copied CD back into your computer and open iTunes. iTunes can now rip the songs as you would a normal CD."

So this entire rigamarole won't even protect the CD contents -- its merely a very annoying interference with my ability to enjoy the legal uses of a product I actually wanted to purchase.

But wait, there's more! As if that's not absurd enough, they remind me that none of this is necessary at all. As noted above, its nothing more than a swipe at Apple:

"Please note an easier and more acceptable solution (to who?) requires cooperation from Apple, who we have already reached out to in hopes of addressing this issue. To help speed this effort, we ask that you use the following link to contact Apple and ask them to provide a solution that would easily allow you to move content from protected CDs into iTunes or onto your iPod rather than having to go through the additional steps above."

http://www.apple.com/feedback/ipod.html

If you think that this cannot get any dumber, you would be wrong. The coup de grace of this exercise in corporate stupidity is this:

"If you have a Mac computer you can copy the songs using your iTunes Player as you would normally do."

Words simply fail me . . .

ressem

Umm. Clicking on LaunchCD and accepting the EULA is how the CD filter gets installed in the first place.

http://www.f-secure.com/weblog/#00000691

Says to contact Sony at the link provided on that page. They'll issue more software (Activex components) to remove this software. Assuming you trust 'em.
And again, it's not a rootkit. It hides itself in a way that is associated with rootkits, and using a rootkit detector on your machine might only partially remove it, leaving the CD drive disabled.

digitaldeath

The CD filter may get installed - but it's possible to get around it as I said above.

Digi.

po0k

f-secure are decent, from my experience.

Karoma

SyxPak wrote:

f-secure are decent, from my experience.

agreed.

It may not be a complete rootkit that eliminates the security of a system on which it is installed, however, who's to say that it won't lead to a compromise?
The main issues here are that a) They have installed software without explicitly advising the computer user. b) It is,without doubt, unexpected behaviour (One does not expect this when playing a music CD!) c) It degrades the performance and stability of the system on which it is installed.
... it's closer to spyware than a rootkit ..for now.

nadir

Freebsd, linux, flac and mplayer. Rock and Roll DRM!

SolarNexus

I wonder... is there even a law prohibiting software being installed without the users permission? I hope so.

greglo23

theres an even more detailed article on ars technica http://tinyurl.com/a75rx. it also links to an article on sysinternals which gives the full details on rootkits and a tool ; RootkitRevealer !!

Wertz

SolarNexus wrote:

I wonder... is there even a law prohibiting software being installed without the users permission? I hope so.

I'm sure it's mentioned in the EULA, albeit in legalese.

[edit] Although most of the above links don't seem to think so....from a legal standpoint they couldn't be that dumb could they? Oh wait...this is the company that came up with the PSP firmware...nevermind

Capt'n Midnight

http://www.sysinternals.com/Blog/ - technical details
Basically it's badly written software that is difficult to remove without disabling your CD. It runs in safe mode so if it breaks you may not even be able to get into windows again.

The other files claimed to be part of the “Essential System Tools” product from a company called “First 4 Internet”:

Process Explorer showed the player as being from Macromedia, but I noticed an increase in CPU usage by $sys$DRMServer.exe, one of the previously cloaked images, when I pressed the play button. A look at the Services tab of its process propertieds dialog showed it contains a service named “Plug and Play Device Manager”, which is obviously an attempt to mislead the casual user that stumbles across it in the Services MMC snapin (services.msc) into thinking that it’s a core part of Windows:

I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system.
...
I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.
...
I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.

When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad.
...
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

greglo23

i found out i had one of these on my computer from an unlikely source. i was playing call of duty online and i got kicked from the server by punkbuster. it reported that i had a problem with windows api. it took me four days and lots of different tools to get rid of it but now i cant use internet explorer anymore cos its goosed.

Capt'n Midnight

http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/print.html - World of Warcraft hackers using Sony BMG rootkit

Wertz

Haha....karma or what
Sony rootkit V The Warden...and the winner is? WoW haxx0rz :v: