Sony, Rootkits and Digital Rights Management Fiasco

[Filliz]

[news=http://img59.imageshack.us/img59/6379/sony7xe.gif]Yesterday, Windows innards guru Mark Russinovich of Sysinternals wrote of his disturbing discovery regarding one of those newfangled "copy-protected CD's.

(These are music CD's that self-install software on your computer, and then prevent you from doing some of the things you might want to do with it -- like copy a song for a mix CD.

Some artists have spoken out against this freedom-reducing scheme that has been used on their CD's without their consent -- although major record labels working against the interests of artists is nothing new.)

Russinovich discovered that this CD had installed its software in an extremely well hidden way, via something called a "rootkit," which basically interferes with the operating system kernal so that it becomes extremely difficult to detect its presence, or to remove it.His findings included:

• This hidden software appeared to be poorly written, and was hogging up some of his computer's resources at all times, even when he wasn't playing the CD.
• Its hiding techniques would also have inadvertently made it easy for others to hide software on his machine.
• It took actions that could have resulted in a system crash.
• It tried to disguise itself as a legitimate Windows service.
• It didn't provide a way to remove the software.
• Upon his own manual removal of the software, his CD drive was rendered useless.

These are exactly the techniques commonly used by the most insidious malware (viruses, worms, spyware, etc.), the ones that are so difficult to remove from Windows machines.
And he found that this software had been installed by the CD he'd gotten from Sony.

The End User License Agreement (EULA) from Sony went into none of these details, merely saying that "a small proprietary software program" would be installed on his machine.

The EULA actually mentioned removal of the software, even though there was no means provided to remove what he had found.
This is a big deal, and one might expect a lawsuit (class action?) to evolve out of this (putting aside the "Waiver of Trial by Jury" clause in the EULA).

Here's Russinovich's article: "Sony, Rootkits and Digital Rights Management Gone Too Far" (which is quite thorough and very technical).The wise and careful (who of course already avoid DRM, by not buying protected CD's, or protected audio from the iTunes Store) who scan their machines for malware (with free tools such as Spybot-Search & Destroy and Ad-Aware) might consider adding the free Sysinternals RootkitRevealer tool to their arsenal.

Source: Read More
Homepage: Original post on Sysintertnals[/news]

[Hairbautt]

Oh god...never putting a new music CD in my drive again...What were they thinking?

[twisterX]

isnt this illegal. Im sure it is becuase it doesnt even ask you or show you. I hope they get sued.

[RealitY]

[news=http://www.slyck.com/newspics/copyright2.jpg]Sony Offers Removal Technique on Cloaked DRM Software

If the record labels are trying to win the DRM (Digital Rights Management) public relations war, they are off to an atrocious start. The intention of DRM is to protect the intellectual property rights of content owners. Being the blanket term it is, DRM can take the form of virtually any technique.

On October 31, 2005, the Internet community learned how ugly these techniques could get. Mark Russinovich, an expert on the internals of Windows and one of the writers behind Sysinternals.com, discovered evidence of a rootkit on one of his computers.

Rootkits are sneaky pieces of software that hide on one's computer. They are virtually invisible to most, if not all, conventional anti-spyware and anti-virus software. You may ask why they hide themselves from diagnostic software scans. This is done because they are most often associated with the worst kinds of software on the Internet. No, not Grokster, but other malicious software such as viruses, trojans, and other malware.

Using RootKitRevealer (RKR), Mark Russinovich discovered a "hidden directory, several hidden device drivers, and a hidden application"

After a lengthy and clever investigation, Mark Russinovich discovered the Rootkit was part of a DRM copy protection scheme devised by a company named First4Internet. First4Internet had developed a DRM technology dubbed XPC, or Extended Copy Protection, which it licensed to Sony-BMG Music. The copy protections software had been included on the Sony-BMG CD "Get Right with the Man" by the Van Zant brothers, which Russinovich had played on the computer in question.

The fact this software couldn’t be detected by conventional spyware or virus sweepers was bad news, but certainly not the worst. If an inexperienced individual were to remove the cloaked files after discovery with RKR, the individual's computer may become seriously crippled. Although Sony repeatedly attempted to hide behind their EULA, which made no mention of this software, the public backlash proved too much for Sony-BMG to bear. Even those who support an artist's right to protect their content were scornful of this inexcusable move by Sony-BMG.

In response, Sony-BMG Music was forced to provide a method to remove this cloaked DRM software. In an update issued today, Sony-BMG issued the following statement:

"November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

It’s interesting that Sony-BMG Music felt they could hide this kind of copy protection scheme from the public. The music industry is in a difficult position as "legitimate" downloads have stagnated and the P2P population continues to increase. A public relations nightmare such as this, especially one that draws attention to DRM and its implications, is definitely not what the music industry needs.

Source: http://www.slyck.com/news.php?story=977[/news]

[Barbarossa]

The methods they are employing are an outrage.

[lynx]

Something which happened to me now begins to make sense.

I installed a firmware upgrade on my SONY dvd burner. After the upgrade I got messages saying that there were problems with a particular cd driver. I found out it was part of Roxio DirectCD, which I had never installed. Since I didn't use that driver I simply disabled it, though I could never understand how a firmware upgrade on a piece of hardware could have this effect. I even queried SONY about it, but never received a reply.

Some time later I was having other problems with my cd/dvd drives so I had a general cleanup. I didn't connect the two at the time, but from that point on my dvd burner repeatedly stopped recognising recordable disks. I assumed it was simply getting old. Since newer faster burners were available I invested in a new drive (not SONY).

The old SONY drive has been sitting around for some time. I've kept meaning to see if it could be repaired, or if not simply to throw it away. However, last week I urgently (I was installing F.E.A.R) needed a dvd drive on my Windows XP x64 edition system. I decided to give the SONY drive one last attempt. It works perfectly. The new system has never had any SONY software anywhere near it.

I had already decided that I would have to think carefully before buying another SONY product, simply because of what appeared to be poor quality. This has now hardened to the point where I will never under any circumstances buy another of their products.

[Filliz]

Check this out:

Since March 2005, Sony BMG is using a rootkit-based DRM system on some newer audio CDs. This DRM system is a serious hazard to each Windows based PC. Well known websites like F-Secure.com and SysInternals.com are confirming this exposure.

If AnyDVD is installed and active on a PC, this new so-called "Sony DRM Rootkit Virus" has no access to the operating system and the affected audio CD appears unprotected regardless!

"What the heck Sony thought to themselves," SlySoft's CEO Giancarlo Bettini was kidding, "maybe they wanna build their own bot net?".

This "anti rootkit protection" is not a new function of AnyDVD , rather it is the nature of AnyDVD to filter all undesired stuff between a CD/DVD drive and the operating system. It is just one example, how well AnyDVD's option to "Remove CD Digital Audio
Protection" is working.

Link

[Filliz]

Oh and it seems that thanks to Sony's work,cheaters can now go unnoticed on WOW...

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

Link

[peat moss]

[news=http://www.sony.com/i/hdr_logo_sony.gif]Sony BMG is facing three lawsuits over its controversial anti-piracy software.Revealed in late October by Windows expert Mark Russinovich, the software copy protection system hides using virus-like techniques.

One class-action lawsuit has already been filed in California and another is expected in New YorkDigital rights group, the Electronic Frontier Foundation (EFF), is also gathering information from users to see if a case can be brought.

Source: http://news.bbc.co.uk/1/hi/technology/4424254.stm[/news]

[Filliz]

I hope Blizzard Entertainement will sue too.