Sony Installs 'Rootkits' On Users Machines!

[stevey]

In what's set to be 2005's hottest story yet Sony have been found to install illegal Trojan horse-based digital restrictions management (DRM) technology that installs itself as a rootkit on Windows PCs.

Users who purchase certain Sony Music CDs from online stores like Amazon are subject to this rootkit being installed on their machines. According to Sysinternals' Mark Russinovich the kit installs itself in hidden directories and attempts to mask its existence as "Essential System Tools".

What's more fun is that attempting to remove the rootkit with common tools that perform a RKR scan will render a Windows XP machine useslesss. "Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," Mark wrote in an online blog entry yesterday.

So what exactly is Sony playing at? Installing rootkit software that's not identified in its EULA and rendering machines useless if users try to remove the software! This is taking the RIAA effort a little too far. The only way to fix your PC would be to do a total format.

 

[slavahosting]

ouch, if this is true sony is looking at getting sued by the first person to loose their harddrive that had something of high value on it.

 

[GeorgeK]

I read that on Slashdot last night -- crazy. The way to increase music revenues is to improve the product (better music), not to make it inconvenient for legitimate buyers.

 

[RTM.net]

I hit that news on the blogs also early last night (EST) and was pretty shocked. I'm sure they (hopefully) didn't think through the liability ramifications before the coders embedded this, err, feature into their content.

As George said: improve the content, don't make customers prisoners of your ways and means.

Rob

 

[jdk]

Can we say class-action?

 

[nts]

Wow, I can't beleive sony would do something like that, anti-piracy is getting out of hand, record companys seem to think they can do whatever they want.

 

[007]

If this is true, Sony is going to be in for a world of hurt... They will need to release a removal utility, and if they do, they will make themselves look worse by admitting that they did it. This won't be fun for them.. Big oops.

 

[Jonathan]

It might be a good investment to go out and buy lots and lots of cds... for the class action lawsuit. ;-)

 

[Luc]

It might be a good investment to go out and buy lots and lots of cds... for the class action lawsuit. ;-)

who says you need to buy? i'll just copy them from a friend of my friends friend and say i bought them and get in on the action. arty:

seriously though. i heard about something similar to this a few weeks back and it did not surprise me. it had to do with people who purchased certain CDs at best buy and were unable to put the music on their ipod due to DRM restrictions. i think a few of the big labels are doing it as well. online music piracy is costing them mega bucks and i guess they finally figured out how to slow it down, though it won't make their customers happy.

very very naughty of sony.

 

[Domagon]

Nothing new really ... AutoRun (NOT the same as AutoPlay) in Windows is a huge security hole that allows most any program to run by merely inserting a CD / DVD.

Some folks may think no biggie because they assume they'll be prompted first ... wrong! ... some programs will NOT prompt and automatically silently run and install.

To make matters worse, disabling AutoRun (NOT the same as AutoPlay) isn't obvious ... to disable it requires editing some entries in the Windows registry.

Ron

 

[dotcomgiant]

well , this is a direct attack on user's rights. It should be protested to ensure any such attacks in future from other companies.

 

[MrDude]

Any guesses on how long before Sony are in court? I say 2-3 Weeks

On a side note..Making the CD's restricted so they cant go on Ipods etc will cause people to see CD's as useless and use alternative sources such as P2P.

They will never stop piracy, It could take me 5 minutes to bootup linux and rip the media then save on HD, . In my opinion they made a huge mistake..annoyed customers will look elsewere..Afterall how many people actually carry CD players around compared to Ipods and MP3 players?

 

[mole]

Nothing new really ... AutoRun (NOT the same as AutoPlay) in Windows is a huge security hole that allows most any program to run by merely inserting a CD / DVD.

:dead:

 

[Domagon]

I'm not sure why this is all of sudden news - various music CDs have long auto-installed programs to make them appear "copy protected" on a PC...

A native music CD can't physically be copy protected - about the most they can physically do to a native music CD is purposedly corrupt the CRC checksums, which can make copying a bit dicy on some computer hardware/software.

And thus the heavy reliance on AutoRun and installing hidden applications that prevent copying.

Don't folks remember the various tech stories awhile back about holding the 'shift' key when inserting a music CD ... that was to prevent AutoRun from running - again, this is not new at all.

With that said, it's nice to see the media reporting about it finally ...

Ron

p.s. most DVDs are both logically and physically copy protected - CSS encryption scheme plus some data physically written to an area of the DVD that consumer-grade DVD drives can't write to on consumer-grade blank DVDs. Makes copying extremely difficult, but on the bright side there's little need for DVDs to install any copy protection software since the format is pretty well locked-down already unlike the music CD format.

Ron

 

[stevey]

they have now released a patch to remove it:

Sony has released a patch for a music CD anti piracy technology after security experts warned that it forms a potential security risk.

The copyright protection software would automatically install when a consumer inserted a music CD with the XCP digital rights management technology in their computers. The software is designed to limit the number of copies that users can make of the CD and restrict ripping of the disk.

Software developer Mark Russinovich of Sysinternals on Monday reported that he had detected that Sony secretly had installed a rootkit on his system. He traced the software back to Sony and the XCP technology from First 4 Internet, an English software developer.

The rootkit served to hide the digital rights management technology from the user as well as the system itself, including anti virus software. When Russinovich tried to remove the application, he found that his CD drive was disabled.

Sony uses the rootkit to prevent the user from removing the copyright protection technology and violating Sony's copyright. But worm authors too could abuse this feature to hide malicious applications.

The patch will remove the cloaking capability of the software to enable users to remove the Sony tool. This will however render their systems incapable of playing the music CDs.

"Sony's motives are reasonable from their point of view, but it’s a terrible security hole," said Roger Thompson, chief executive of security provider Worm Radar.

"The risk is that [worms] now have a place to hide things where anti virus programmes can't see them. They can tug themselves in under the protection of that rootkit," he told vnunet.com.

Sony denies that the technology is malicious or compromises a security risk.

Rootkits are best known as hacker tools that allow them to hide malicious software and build a back door into a system. Botnet operators are increasingly using rootkits to prevent detection of their malware, which has given rise to a commercial industry to build and update these tools in the constant game of cat and mouse between malware creators and anti-virus companies.

While acknowledging the potential risks involved with the Sony rootkit, David Perry, global director of education with Trend Micro, said that the practical threat is very small.

"The only time when we see people use these vulnerability is when [the tool] reaches a substantial percentage of the public," Perry told vnunet.com. "As of yet this has a very small impact."

He added that the association of the Sony technology with rootkits probably caused the most outrage because the software is associated with hacker tools.

 

[Domagon]

Not quite ...

Sony only released a "patch" that simply "reveals" the files, and are working with various anti-virus software companies to ensure such files are skipped and not labeled as trogans, which of course they actually are.

In short, the patch only reveals the files - it does NOT remove any of the copy protection from the computer.

PC World article about this ...
http://www.pcworld.com/news/article/0,aid,123432,00.asp

Ron

 

[OgieOgalthorpe]

IMO this is unacceptible behaviour. Not only does it tick me off that Sony wants to control how I use something that I bought, they do so in an underhanded way that could have a severely negative impact on my computer.

 

[octobus]

It seems as if record companies are free to do whatever they wish.

My friend's CD player was destroyed by a copy protected disc.


It's funny how they then expect us to buy these products!

 

[Rarethings]

well said.