Sony-BMG's Rootkit
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Read Electronic Frontier's on this.

:: Quote ::
As we've mentioned before, Sony-BMG has been using copy-protection technology called XCP in its recent CDs. You insert your CD into your Windows PC, click "agree" in the pop up window, and the CD automatically installs software that uses rootkit techniques to cloak itself from you. Sony-BMG has released a "patch" that supposedly "uncloaks" the XCP software, but it creates new problems.


The article concludes with the advice to rip your Sony CDs and make non toxic versions you can actually play safely:

:: Quote ::
If you haven't been infected yet, to protect yourself from XCP in the future, disable "autorun" on your Windows PC. Once you have done so, however, these CDs may not be accessible under Windows unless you have specialized ripping software installed; these CDs are encoded in a way that intentionally confuses standard Windows CD drivers. For a smarter audio grabber for Windows, you may want to consider using Exact Audio Copy, which reportedly can read these CDs if you have turned off autorun and avoided infection by XCP.


This is a pretty major issue, Sony has gone far over the edge on this one, and, what's even stranger, they themselves appear to have used GPL'ed material in creating their rootkit. For those who don't know, that means they appear to have violated copyright in their copy protection software. Talk about irony. And idiocy.

:: Quote ::
The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.


Learn how to disable Windows autorun here, which is how you can avoid accidental infection with this spyware/rootkit.

If you have the bad luck to have gotten infected, there is some helpful advice at sysinternals.com

One disturbing point raised in that well done article:
:: Quote ::
A quick look through the trace log confirmed the user's comment: the Player does send an ID to a Sony web site....

I doubt Sony is doing anything with the data, but with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it.


Read part 1 - 2 - 3 - 4

Come on Sony, this isn't the first time I've seen your company do something utterly retarded.

2 years ago I discovered that Sony's software that came with a Sony portable CD player simply would not install on Windows. The machine was a white box system, all legal installation of Windows. I called customer 'service', where their drone proceeded to explain to me that it won't install on anything but factory assembled computers, Dell, Gateway, etc.

I had to double check, then triple check, that this moron was not mistaken. He even went as far as to suggest that all non name brand pcs are using stolen Windows, and that this was for my protection.

Once I realized that the tech was actually being serious, and actually believed this nonsense, I hung up.

The moral of this story? Do not use Sony products until they stop doing such stupid things. Or better, since you can now never trust this company again, make sure to use cd rippers to make safe copies of your Sony CDs, don't use disk copy that is.

The only thing Sony is going to do by this is to force more and more people into learning how to rip and copy copy protected CDs. That's the only result, literally. It's just so annoying, this attitude, it's hard to actually believe it. However, a lot of really dumb things have faded away quietly once the companies involved realized how incredibly dumb their idea was.

Sony really messed up here, this is fire the VP time I'd say:

Microsoft.com adds Sony rootkit to the list of spyware products its new antivirus/spyware tools delete. This is too funny, if MS thinks Sony went too far, Sony went several miles too far, this coming from the kings of DRM themselves.
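The autorun advice quoted in the post above can be checked from PowerShell. This is an added example, not part of the original post or of the linked articles; it reads the standard Windows `NoDriveTypeAutoRun` policy value, and the function and variable names are made up for the example.

```powershell
# Added example: audit whether AutoRun is disabled for CD-ROM drives.
# NoDriveTypeAutoRun is a bitmask: bit 0x20 covers CD-ROM drives,
# 0xFF covers every drive type.
$CdromBit   = 0x20
$PolicyKeys = [ordered]@{
    HKLM = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    HKCU = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
}

function Get-AutoRunMask([string]$Path) {
    # Returns the mask as an int, or $null when the key or value is absent.
    $p = Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    $v = $p.NoDriveTypeAutoRun
    if ($v -is [byte[]]) { $v = $v[0] }   # some systems store it as REG_BINARY
    return [int]$v
}

$report = foreach ($hive in $PolicyKeys.Keys) {
    $mask = Get-AutoRunMask $PolicyKeys[$hive]
    [pscustomobject]@{
        Hive                 = $hive
        Mask                 = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f $mask }
        CdromAutoRunDisabled = ($null -ne $mask) -and (($mask -band $CdromBit) -ne 0)
    }
}
$report | Format-Table -AutoSize

# Assumption: a machine-wide (HKLM) value, when present, takes precedence
# over the per-user one, so the first value that is set is treated as effective.
$effective = $report | Where-Object { $_.Mask -ne 'not set' } | Select-Object -First 1
if ($effective -and $effective.CdromAutoRunDisabled) {
    'OK: AutoRun is disabled for CD-ROM drives.'
} else {
    'WARNING: no policy disables AutoRun for CD-ROM drives.'
}

function Disable-AutoRunAllDrives {
    # Run from an elevated prompt. Creates the key only if it is missing,
    # because New-Item -Force would wipe an existing key's values.
    $key = $PolicyKeys.HKLM
    if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
    New-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}
```

`Disable-AutoRunAllDrives` is defined but not called; invoke it deliberately after reviewing the report.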
vkaryl
Status: Contributor
Joined: 31 Oct 2004
Posts: 273
Location: back of beyond - s. UT, closer to Vegas than SLC
Laughable from one direction:

If people didn't insist on using computers for stuff like this, there wouldn't be a problem. You play cds on a cd player, not on your computer, you don't have spyware, rootkits etc.

*shrug* Anyone who persists in using computers for playing music when they have a perfectly good cd player (no, I do NOT believe they use a computer because they don't HAVE a cd player.... don't be silly) deserves whatever happens to them.
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
No, this case is actually pretty extreme, it doesn't matter what the thing you put in the cdrom actually does, it's that if you put it in there, it puts in spyware.

As abuses go, this one is pretty high up there. One major reason you put in a cd into your computer is to make a fair use, legal, copy, for yourself, for example, for putting in the car, taking to work, whatever.

This spyware was an attempt to move copy protection from the cd, where it belongs, to your computer, without actually telling you they were doing that. This wasn't neutral stuff, and it was very poorly done, so it could destabilize your system, and, if you tried uninstalling it as normal spyware, could actually make your system fail.

Also, you're not right about the cd player, you have no idea how many travelers use laptops to view dvds and listen to cds, it's very common.

My computer is hooked directly into my stereo, for example, although I have a cd player, if it broke I'd just use my computer, less junk to have around. My computer is my online radio receiver, so to speak.

You can see just how extreme it is by the fact that within weeks of the discovery, MS added this rootkit to their spyware and their antivirus signature files, a class action lawsuit was launched, Sony stopped putting this junk on their cds, although they'll still have to deal with the lawsuits, and the US computer security agency announced that this type of system destabilizing without alerting the user that the stuff is being installed was a completely unacceptable way to implement copy protection. Plus the potential violation of the GPL, which could also be quite major in terms of legal issues. It's hard to imagine a way to mess up worse, but I'm sure some company will figure out a way.
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4012
Location: East Coast, West Coast? I know it's one of them.
There's been more on this case, The Register republished a list of SecurityFocus questions most of which are pretty interesting, and definitely raise some pretty major issues about this particular approach [stupid, that is, the approach].

Then there's the whole question of rootkits in general, read SecurityFocus's recent articles on Windows rootkits, part 1 and part 2.

This question is quite a bit more interesting than I first realized reading this stuff, this is a pretty major screwup, not only did Sony put basically illegal rootkits on your computer, but these rootkits actually allow crackers to exploit what they do to install their own devices, and to hide them.

I'd expect this case to have pretty major outcomes in terms of what media companies can and can't do.