Yesterday, Windows innards guru Mark Russinovich of Sysinternals wrote of his disturbing discovery regarding one of those newfangled "copy-protected CD's.

(These are music CD's that self-install software on your computer, and then prevent you from doing some of the things you might want to do with it -- like copy a song for a mix CD.

Some artists have spoken out against this freedom-reducing scheme that has been used on their CD's without their consent -- although major record labels working against the interests of artists is nothing new.)

Russinovich discovered that this CD had installed its software in an extremely well hidden way, via something called a "rootkit," which basically interferes with the operating system kernal so that it becomes extremely difficult to detect its presence, or to remove it.His findings included:
This hidden software appeared to be poorly written, and was hogging up some of his computer's resources at all times, even when he wasn't playing the CD. Its hiding techniques would also have inadvertently made it easy for others to hide software on his machine. It took actions that could have resulted in a system crash. It tried to disguise itself as a legitimate Windows service. It didn't provide a way to remove the software. Upon his own manual removal of the software, his CD drive was rendered useless.

These are exactly the techniques commonly used by the most insidious malware (viruses, worms, spyware, etc.), the ones that are so difficult to remove from Windows machines.
And he found that this software had been installed by the CD he'd gotten from Sony.

The End User License Agreement (EULA) from Sony went into none of these details, merely saying that "a small proprietary software program" would be installed on his machine.

The EULA actually mentioned removal of the software, even though there was no means provided to remove what he had found.
This is a big deal, and one might expect a lawsuit (class action?) to evolve out of this (putting aside the "Waiver of Trial by Jury" clause in the EULA).

Here's Russinovich's article: "Sony, Rootkits and Digital Rights Management Gone Too Far (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html)" (which is quite thorough and very technical).The wise and careful (who of course already avoid DRM, by not buying protected CD's, or protected audio from the iTunes Store) who scan their machines for malware (with free tools such as Spybot-Search & Destroy and Ad-Aware) might consider adding the free Sysinternals RootkitRevealer tool to their arsenal.

:source: Source: Read More (http://blog.wfmu.org/freeform/2005/11/sony_cds_caught.html)
:view: Homepage: Original post on Sysintertnals (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html)

Oh god...never putting a new music CD in my drive again...What were they thinking?

isnt this illegal. Im sure it is becuase it doesnt even ask you or show you. I hope they get sued. :P

Sony Offers Removal Technique on Cloaked DRM Software

If the record labels are trying to win the DRM (Digital Rights Management) public relations war, they are off to an atrocious start. The intention of DRM is to protect the intellectual property rights of content owners. Being the blanket term it is, DRM can take the form of virtually any technique.

On October 31, 2005, the Internet community learned how ugly these techniques could get. Mark Russinovich, an expert on the internals of Windows and one of the writers behind Sysinternals.com, discovered (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) evidence of a rootkit on one of his computers.

Rootkits are sneaky pieces of software that hide on one's computer. They are virtually invisible to most, if not all, conventional anti-spyware and anti-virus software. You may ask why they hide themselves from diagnostic software scans. This is done because they are most often associated with the worst kinds of software on the Internet. No, not Grokster, but other malicious software such as viruses, trojans, and other malware.

Using RootKitRevealer (RKR), Mark Russinovich discovered a "hidden directory, several hidden device drivers, and a hidden application"

After a lengthy and clever investigation, Mark Russinovich discovered the Rootkit was part of a DRM copy protection scheme devised by a company named First4Internet. First4Internet had developed a DRM technology dubbed XPC, or Extended Copy Protection, which it licensed (http://news.cnet.co.uk/digitalmusic/0,39029666,39189658,00.htm) to Sony-BMG Music. The copy protections software had been included on the Sony-BMG CD "Get Right with the Man" by the Van Zant brothers, which Russinovich had played on the computer in question.

The fact this software couldn’t be detected by conventional spyware or virus sweepers was bad news, but certainly not the worst. If an inexperienced individual were to remove the cloaked files after discovery with RKR, the individual's computer may become seriously crippled. Although Sony repeatedly attempted to hide behind their EULA, which made no mention of this software, the public backlash proved too much for Sony-BMG to bear. Even those who support an artist's right to protect their content were scornful of this inexcusable move by Sony-BMG.

In response, Sony-BMG Music was forced to provide a method to remove this cloaked DRM software. In an update issued today, Sony-BMG issued the following statement (http://cp.sonybmg.com/xcp/english/updates.html):

"November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

It’s interesting that Sony-BMG Music felt they could hide this kind of copy protection scheme from the public. The music industry is in a difficult position as "legitimate" downloads have stagnated and the P2P population continues to increase. A public relations nightmare such as this, especially one that draws attention to DRM and its implications, is definitely not what the music industry needs.

:source: Source: http://www.slyck.com/news.php?story=977

The methods they are employing are an outrage.

Something which happened to me now begins to make sense.

I installed a firmware upgrade on my SONY dvd burner. After the upgrade I got messages saying that there were problems with a particular cd driver. I found out it was part of Roxio DirectCD, which I had never installed. :blink: Since I didn't use that driver I simply disabled it, though I could never understand how a firmware upgrade on a piece of hardware could have this effect. I even queried SONY about it, but never received a reply.

Some time later I was having other problems with my cd/dvd drives so I had a general cleanup. I didn't connect the two at the time, but from that point on my dvd burner repeatedly stopped recognising recordable disks. I assumed it was simply getting old. Since newer faster burners were available I invested in a new drive (not SONY).

The old SONY drive has been sitting around for some time. I've kept meaning to see if it could be repaired, or if not simply to throw it away. However, last week I urgently (I was installing F.E.A.R) needed a dvd drive on my Windows XP x64 edition system. I decided to give the SONY drive one last attempt. It works perfectly. The new system has never had any SONY software anywhere near it.

I had already decided that I would have to think carefully before buying another SONY product, simply because of what appeared to be poor quality. This has now hardened to the point where I will never under any circumstances buy another of their products.:angry:

Check this out:

Since March 2005, Sony BMG is using a rootkit-based DRM system on some newer audio CDs. This DRM system is a serious hazard to each Windows based PC. Well known websites like F-Secure.com and SysInternals.com are confirming this exposure.

If AnyDVD is installed and active on a PC, this new so-called "Sony DRM Rootkit Virus" has no access to the operating system and the affected audio CD appears unprotected regardless!

"What the heck Sony thought to themselves," SlySoft's CEO Giancarlo Bettini was kidding, "maybe they wanna build their own bot net?".

This "anti rootkit protection" is not a new function of AnyDVD , rather it is the nature of AnyDVD to filter all undesired stuff between a CD/DVD drive and the operating system. It is just one example, how well AnyDVD's option to "Remove CD Digital Audio
Protection" is working.

Link (http://www.cdfreaks.com/news/12624)

Oh and it seems that thanks to Sony's work,cheaters can now go unnoticed on WOW...


Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

Link (http://www.securityfocus.com/brief/34?ref=rss)

Sony BMG is facing three lawsuits over its controversial anti-piracy software.Revealed in late October by Windows expert Mark Russinovich, the software copy protection system hides using virus-like techniques.

One class-action lawsuit has already been filed in California and another is expected in New YorkDigital rights group, the Electronic Frontier Foundation (EFF), is also gathering information from users to see if a case can be brought.

:source: Source: http://news.bbc.co.uk/1/hi/technology/4424254.stm

:01:
I hope Blizzard Entertainement will sue too.

Good! :01:

Took long enough!!:dry: Hope they win though. :01:

Good hope they get millions.

I was reading another article today, it said you have to install a special player to play the Sony cd's. Thats how the crap is installed ? :dry:



http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/11/11/MNGFMFMNV61.DTL


Oh shit I feal dumb now , reread Filiz and twister's posts about the rootkit . :)

Interesting update ! :) Sony Recalls XCP CDs


http://www.rollingstone.com/news/story/_/id/8832306/treyanastasio?pageid=rs.News&pageregion=double1&rnd=1132182314390&has-player=unknown

Hahaha, they are in deep shit. Especially as Microsoft are going to remove it anyway in the next set of patches, classing it as malicious code... :01:

what makes this story hilarious is the fact sony are meant to have violated the copyright of the lame project to try to protect their own.

http://dewinter.com/modules.php?name=News&file=article&sid=215

Pretty funny stuff 4play.

Trying to gauge the damage caused by Sony-BMG’s rootkit DRM will take years to comprehend. The gaping wound caused by Sony-BMG exists well beyond infected computers, security problems, and a tarnished reputation. The record label’s entire philosophy on P2P networking, Internet piracy and DRM has been effectively destroyed.

The copyright industry has attempted to persuade P2P users back into the record stores by exploiting a largely overblown claim that file-sharing networks expose risks to malicious software. On June 14, 2004, MPAA CEO Dan Glickman made the following statement.

"While these P2P services would have users believe they simply offer an easy way to download movies and music, they really do much more. It is well-documented that using these services can lead to user’s computers being infected with spy ware and viruses. Often, unwitting users have their most sensitive, private information exposed to unfriendly eyes around the world. Further, P2P systems have been used by pornographers as an easy avenue to reach children."

This argument by the copyright industry has been annihilated. Computer Associates labeled Sony-BMG’s rootkit as both spyware and a trojan horse. Minimum estimates suggest as many as 500,000 individuals have Sony-BMG’s rootkit DRM installed – far exceeding any infections caused by P2P networking.

Even without an official label by Computer Associates, the public perception of Sony-BMG’s rootkit is that of distrust. In an ironic twist of fate, computers infected with Sony-BMG’s DRM software run the serious risk of being exposed to malicious software. Considering the files Sony-BMG use are hidden from anti-virus and anti-spyware applications, any virus writer can write an identically named file and exploit an untold number of computers.

The copyright industry has also preached from a moral standpoint. Believing there is a parallel between downloading a file from the Internet and physically stealing a CD from a music store, both the music and movie industry have accused file-traders of moral corruption.

"This is not just about online versus offline," said Hilary Rosen, former president and CEO of the RIAA. "Most in the online business community recognize that what Napster is doing threatens legitimate e-commerce models - and is legally and morally wrong."

Much like the virus argument, the “moral” argument has also been vanquished. The reason why Sony-BMG found itself in so much trouble is because they hid information – otherwise known as deception – and thought they could get away with it. The specifics of Sony-BMG’s rootkit were never disclosed in the EULA, and they certainly did not disclose the consequences of its removal. Whatever moral standpoint the copyright industry had was effectively nullified when Sony-BMG and First4Internet inked their deal.

Although Sony-BMG succeeded in negating the music and movies industry anti-P2P argument in one swift stroke, that’s not the extent of the damage. The music and movie industry’s Digital Rights Management (DRM) campaign – once shrouded in secrecy – has also suffered irreparable harm.

DRM (Digital Rights Management) is a blanket term used to describe copy protection on any digital medium. The protection can be simple, such as blocking unlicensed search terms, or very complex, such as First4Interent’s XCP (extended copy protection.) The deployment of DRM can be considered secretive because very few individuals are actually aware of it.

During a recent anti-DRM protest in New York City, a wide majority of individuals were unaware that such copy protection even existed.

Sony-BMG managed to change all of that.

The last thing record labels want is a tremendous amount of attention drawn to the implementation of DRM. As if Sony-BMG’s actions weren’t bad enough, drawing negative publicity to the DRM issue on only compounded the situation.

Now people are very aware of the Sony-BMG fiasco and the implementation of DRM. What was once largely invisible to the average customer has been shot right into the spotlight. The term “DRM” is now associated with malignancies such as ‘virus’, ‘malicious software’, ‘deception’, ‘arrogance’, ‘distrust’, and ‘trojan.’

This situation has already delayed the implementation of DRM on CDs. Sony-BMG has ceased the manufacture of CDs with XCP software, and does not expect to reinstate their DRM policy until sometime next year. Other record labels are also coming under increased scrutiny for their DRM products, forcing EMI to state, “We don’t use rootkits.” With so much public scorn now directed towards DRM, record labels are facing the very real possibility that DRM in its current incarnation can no longer manage to exist.

Sony-BMG has managed to accomplish in 16 days what bloggers, the Electronic Frontier Foundation, writers, journalists, and niche sites have been working on for years. Sony-BMG has destroyed the music and movie industry’s arguments against P2P, and brought mainstream attention and public distaste to the DRM debate.

:source: Source: www.slyck.com

Hahahahahah. :lol: Sucks for them

Gotta give credit for the picture...
http://www.slyck.com/newspics/sony1.jpg


Now people are very aware of the Sony-BMG fiasco and the implementation of DRM. What was once largely invisible to the average customer has been shot right into the spotlight. The term “DRM” is now associated with malignancies such as ‘virus’, ‘malicious software’, ‘deception’, ‘arrogance’, ‘distrust’, and ‘trojan.’
Sounds close enough to the truth so nice to see it in the limelight.


This situation has already delayed the implementation of DRM on CDs. Sony-BMG has ceased the manufacture of CDs with XCP software, and does not expect to reinstate their DRM policy until sometime next year.
About time and maybe it should continue never again as its useless anyway.



Other record labels are also coming under increased scrutiny for their DRM products, forcing EMI to state, “We don’t use rootkits.” With so much public scorn now directed towards DRM, record labels are facing the very real possibility that DRM in its current incarnation can no longer manage to exist.
Nice knowing you and GTFO now.


Sony-BMG has managed to accomplish in 16 days what bloggers, the Electronic Frontier Foundation, writers, journalists, and niche sites have been working on for years. Sony-BMG has destroyed the music and movie industry’s arguments against P2P, and brought mainstream attention and public distaste to the DRM debate.
Thanks for assistants...

truns out sony also where probably using stolen code to make this torjan

http://hack.fi/~muzzy/sony-drm/

infact it was open source and also the work of non other then dvd jon bit ironic really.

In Canada Sony is recalling the 34 or so cd titles with XCP software . :D

All very interesting but what happened with the antivirus tools of all those millions of users?
Why did they let Sony install the malware to begin with?
What would prevent someone else from writing something similar?

It seems to me that any such suspicious activity should cause a big flag to be waved to us users before it would be permitted to be installed on our systems.

We should be outraged at the antivirus companies too! :angry:

Check out this article: http://linuxtoday.com/security/2005111802326OPSWNT

Someone must have built a lead shield around the RIAA headquarters in Washington, DC. It's the only way to explain how RIAA president Cary Sherman doesn't see the enormously serious consumer backlash against Sony-BMG. During a university press round table discussion, Cary Sherman spoke with university journalists on various file-sharing issues, including the Sony-BMG fiasco.

There are few individuals that would consider Sony-BMG's handling of the rootkit situation a job well done. To hide the copy-protection software, the Sony-BMG rootkit employed techniques typically used by hackers or virus writers. The purpose of a rootkit is to hide files or folders, making them invisible to standard anti-spyware or anti-virus software.

Sony-BMG used this very technology in their XCP (Extended Copy Protection) CDs, created by First4Internet. Anti-DRM arguments aside, Sony-BMG found itself in so much hot water was due to several reasons.

First, Sony-BMG never mentioned the extent or scope of the XCP technology in the EULA (the 3,000 word End User Licensing Agreement.) It was never mentioned files or folders would be hidden on one's machine. In addition, according to Sysinternals, when playing a CD on Sony-BMG's proprietary media player, it "...establishes a connection with Sony’s site and sends the site an ID associated with the CD."

Sony-BMG also never mentioned the potential damage caused when removing the rootkit. When Mark Russinovich, the individual who discovered Sony-BMG's rootkit, removed the clandestine software, the CD drive no longer functioned.

On top of all this, Russinovich also pointed out Sony-BMG’s rootkit presented a gapping security hole. Any virus writer could easily create a virus identically named to Sony-BMG's rootkit and take over an untold number of infected machines.

But all of this didn't appear to phase Sony-BMG much. Initially Sony-BMG and First4Internet denied there was security problem (until the first viruses started popping up.) Even when Sony-BMG released their web-based uninstaller, which posed even a greater security risk, security vulnerabilities were still denied. You may recall the following from Sony-BMG's November 2nd statement:

"This component is not malicious and does not compromise security."

Compounding the situation a Sony-BMG president chimed in on the issue. Thomas Hesse, president of Sony-BMG's Global Digital Business, told NPR News "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

Perhaps at that moment, few people knew or cared about rootkits. But that changed in a matter of days. It was obvious within a two weeks that an enormous public backlash had erupted against Sony-BMG, one that may threaten the very existence (http://www.canada.com/national/nationalpost/news/story.html?id=9682a973-f0e4-4610-819f-f96bf087ec43) of DRM. Seemingly downplaying the issue, Cary Sherman responded to a reports question on whether the RIAA condoned the actions of Sony-BMG.

"The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?”

Although Sony-BMG “shared the concerns” and “deeply regret any inconvenience” its customers may have encountered, it never specifically came out with an apology. Sony-BMG never said “We are sorry for our mistake” and never said “We apologize...”

Seems very irresponsible.


:source: Source: http://www.slyck.com/news.php?story=1000

The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging the security risks caused by the XCP CDs, including a recall of the infected discs. However, these measures still fall short of what the company needs to do to fix the problems caused to customers by XCP, and Sony BMG has failed entirely to respond to concerns about MediaMax, which affects over 20 million CDs -- ten times the number of CDs as the XCP software.

"Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public's trust," said Corynne McSherry, EFF Staff Attorney. "It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software."

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a "rootkit." It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG's servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer's hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users' machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users' computers even if they click "no" on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you or your computer." If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm's uninstaller creates significant security risks for users, as the XCP uninstaller did.

"Music fans shouldn't have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they've legitimately purchased," said EFF Legal Director Cindy Cohn. "Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?"

"Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously-installed programs," added EFF Staff Attorney Kurt Opsahl, "Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection."

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their "clickwrap" EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer's house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.

The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. EFF looks forward to representing the voice of digital music fans in the resolution of these disputes between Sony BMG and consumers.

:source: Source: http://www.eff.org/news/archives/2005_11.php#004192

Sony is now Bologna.

Its overdue for something like this and hopefully it will set a trend for what others shouldnt do in the future and not just choose to think the pubic is a retarded herd of sheep they can whatever they want to. The foolishness of this is that its set against their own legitimate customer base. The thought of it thwarting piracy in any manner is even more foolish. Ultimatly the use of this type of invasisve software is completly useless. Nice to see the EFF stepping into this as this warrants the return of their logo into my sig again...

I was waiting for this since like day one. You could even see my post somewhere here that says someone should sue them. :D

I was thinking 'enoughfakefiles' :wacko:

?? :wacko:

?? :wacko:

http://filesharingtalk.com/vb3/member.php?u=25772

...Nice to see the EFF stepping into this as this warrants the return of their logo into my sig again...
If it's ok with you, I'll add it to my sig too. ok?

...Nice to see the EFF stepping into this as this warrants the return of their logo into my sig again...
If it's ok with you, I'll add it to my sig too. ok?
I see no reason not to as myself Ive been on their mailing for quite some time now.
I feel they are one of the strongest forces in their field without question...

I'd like to see DVD Jon sue their asses off! lol

http://www.businessweek.com/technology/content/nov2005/tc20051122_343542.htm?campaign_id=rss_tech

http://www.boingboing.net/2005/11/28/sony_cd_spyware_inst.html

poor DRM is getting pwned! oh yea!