
Sony to Help Remove its DRM Rootkit
Beta News ^ | 11/02/05 | Nate Mook

Posted on 11/02/2005 7:04:33 PM PST by Cicero

Sony to Help Remove its DRM Rootkit
By Nate Mook, BetaNews
November 2, 2005, 4:04 PM

When Mark Russinovich was testing his company's security software last week, he came across a disturbing find: a Sony BMG CD he purchased from Amazon had secretly installed DRM software on his PC and used "rootkit" cloaking methods to hide it. With the story sweeping across the Net, Sony is attempting to clean up its mess.

DRM, or digital rights management, is nothing new to CDs. Record companies began employing software to prevent users from easily transferring tracks to a PC after the explosion of file sharing activity that followed Napster's debut in 1999. But for the most part, the DRM was quite rudimentary and only required the pressing of the "shift" key to bypass.

Not so with Sony's latest batch of CDs from Switchfoot, Van Zant and others. Using technology developed by British software company First 4 Internet, the CDs limit the number of copy-protected backups that can be made. To enforce the restriction, software and drivers are installed without a user's knowledge when the CD is accessed.

Russinovich first discovered a hidden directory and several hidden device drivers -- none of which would show up in Windows Explorer. He soon found the driver responsible for the cloaking, which was designed to hide every file and location that begins with: $sys$.

After tracing the rouge software back to his recently purchased Van Zant CD, Russinovich attempted to uninstall the DRM, but to no avail.

"I didn't find any reference to it in the Control Panel's Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet's site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall," he wrote on his company's blog. "Now I was mad."

When he forcibly removed the software and registry entries by hand, Russinovich found his CD player was no longer functional. Further advanced registry hacking fixed the problem, but he noted that the vast majority of computer users would simply "cripple their computer" if they tried to delete the First 4 Internet DRM.

Although cloaking files and not providing a method of removal is not dangerous in and of itself, the case sparked a flurry of discussion online. Most users agreed that the actions of Sony and First 4 Internet were questionable at best, and security experts warned of potential threats. For example, a virus writer could simply hide files by naming them using the $sys$ prefix.

For its part, First 4 Internet claimed the technology was only found on CDs from earlier this year and said it had created new methods to hide the DRM. Nonetheless, the company has decided to issue a patch to eliminate the cloaking and "allay any unnecessary concerns."

The patch will be made available for download from Sony BMG's Web site, with another offered directly to antivirus vendors. The DRM software will not be removed, however, only uncovered; that means users will still be unable to delete it without risk of rendering their CD drive inoperable.

Customers must contact Sony BMG support for removal instructions.

"While I believe in the media industry's right to use copy protection mechanisms to prevent illegal copying, I don't think that we've found the right balance of fair use and copy protection, yet," said Russinovich. "This is a clear case of Sony taking DRM too far."


KEYWORDS: bmg; cd; drm; sony
This is serious business. Sony had better get busy with an Antivirus specialist and make a little kit that tests whether users have installed this malware, and if it is present, allows easy removal without jumping through nine hoops.
1 posted on 11/02/2005 7:04:33 PM PST by Cicero
[ Post Reply | Private Reply | View Replies]
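An added example, not part of the original article or thread: a minimal cross-view check of the kind such a detection kit could run, comparing a file listing from the normal API on the live system with one taken from outside the running OS (for instance from a boot disk), and reporting what the live view hides. The sample paths, both listings, the function names and the case-insensitive prefix match are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix the article says the cloaking driver hides

# Constructed sample listings (not real paths from the DRM package).
RAW_VIEW = [  # what an offline scan of the disk sees
    r"C:\Windows\notepad.exe",
    r"C:\Windows\System32\$sys$example_dir\example_driver.sys",
    r"C:\Windows\System32\$SYS$unrelated_dropper.exe",
    r"C:\Users\demo\Music\track01.wma",
    r"C:\Users\demo\other_hidden.bin",
]
API_VIEW = [  # what the live, cloaked system reports
    r"C:\Windows\notepad.exe",
    r"C:\Users\demo\Music\track01.wma",
]

def cloaking_component(path, prefix=CLOAK_PREFIX):
    """Return the first path component that starts with the prefix, else None.

    Checking every component covers a hidden directory as well as a hidden
    file. Matching is case-insensitive as a conservative assumption.
    """
    for part in PureWindowsPath(path).parts:
        if part.lower().startswith(prefix.lower()):
            return part
    return None

def cross_view_diff(api_view, raw_view, prefix=CLOAK_PREFIX):
    """Classify raw-view entries by whether the live API view shows them."""
    seen = {p.lower() for p in api_view}
    report = {"hidden_by_prefix": [], "hidden_other": [], "prefix_but_visible": []}
    for path in sorted(raw_view, key=str.lower):
        hidden = path.lower() not in seen
        marker = cloaking_component(path, prefix)
        if hidden and marker:
            # Hidden and carrying the prefix: any software's file lands here,
            # which is the abuse the article's security experts warn about.
            report["hidden_by_prefix"].append(path)
        elif hidden:
            report["hidden_other"].append(path)  # hidden by some other means
        elif marker:
            report["prefix_but_visible"].append(path)  # cloak off, files remain
    return report

if __name__ == "__main__":
    for bucket, paths in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(bucket, paths)
```

The `prefix_but_visible` bucket corresponds to the state the article describes after the patch: the files are uncovered but still installed.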

To: Protagoras

you were saying about how this is just a "poor little industry" protecting itself from thieves? look what it's doing to the PCs of people WHO BUY THE CD HONESTLY.


2 posted on 11/02/2005 7:08:00 PM PST by oceanview
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero

Do you smell that? That's the smell of chum in the water.

Expect lawsuits soon - especially if this appears in a lawyer's office.


3 posted on 11/02/2005 7:08:06 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero

Is this even legal?

Sounds like the making of a class-action lawsuit for mass-hacking of computer devices - which is also a criminal violation.


4 posted on 11/02/2005 7:08:10 PM PST by seacapn
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero

I have been reading some horror stories about the effects of DRM malware. Microsoft admits now that if anyone changes a drive or otherwise changes a computer's configuration, the user would have to pay again to use the content that had already been purchased once. This is going to blow up in the faces of Sony/BMG and Microsoft and any other companies that were stupid enough to attempt to slip this by...


5 posted on 11/02/2005 7:08:28 PM PST by TommyDale
[ Post Reply | Private Reply | To 1 | View Replies]

To: oceanview

I have a Mac. This can't happen on it.


6 posted on 11/02/2005 7:09:04 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Cicero
After tracing the rouge software

Beware that rouge software.

7 posted on 11/02/2005 7:09:29 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero
"...allow(s) easy removal without jumping through nine hoops."

Or get ready for a bruising class action lawsuit.

8 posted on 11/02/2005 7:09:54 PM PST by Anti-Bubba182
[ Post Reply | Private Reply | To 1 | View Replies]

To: Spktyr
I have a Mac. This can't happen on it.

This might be the stuff that doesn't work on Windows if you hold down the SHIFT key (every damn time).

9 posted on 11/02/2005 7:10:44 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Spktyr

except that congress has passed so many laws changing copyrights - the industry can do almost anything they want and get away with it legally. and it's only getting worse. fair use is gone, and soon enough, your PC and your digital TV will simply be something you "rent" from MSFT, the RIAA, and the MPAA.


10 posted on 11/02/2005 7:10:46 PM PST by oceanview
[ Post Reply | Private Reply | To 3 | View Replies]

To: Spktyr

why, because it won't autoload CDs when you put them into the drive? or because you don't perform that action as "superuser" on the box?


11 posted on 11/02/2005 7:12:10 PM PST by oceanview
[ Post Reply | Private Reply | To 6 | View Replies]

To: oceanview

Apple's been going the other way on that. See the FairPlay concept, etc.


12 posted on 11/02/2005 7:12:50 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Cicero

All your songs will soon belong to us.
And all your software.
And all your blogs.
And all your e-mail/IM.
And all your files.
And all your cell calls.
And you, citizen.


13 posted on 11/02/2005 7:14:40 PM PST by polymuser (")
[ Post Reply | Private Reply | To 1 | View Replies]

To: oceanview

We have an "autorun" equivalent, but it doesn't run that function as superuser. More to the point, if something tries to mess with the core OS (which it would have to do in order to make something like this work), the OS itself says "hey, wait a sec" and alerts the user, requesting their password.


14 posted on 11/02/2005 7:14:47 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Cicero
Isn't there a ton of laws on the books that expressly forbid the installation of software onto a computer without the permission of the user?

Isn't installing this software onto a networked machine invading someone's network?

If Fitzy isn't busy in Washington DC anymore, this would be a good case to prosecute. That is if the government can crawl out of the RIAA's pockets first.
15 posted on 11/02/2005 7:15:01 PM PST by kingu (Draft Fmr Senator Fred Thompson for '08.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Spktyr

The malware doesn't install on Macs? And the CDs still function?


16 posted on 11/02/2005 7:16:12 PM PST by BikerNYC (Modernman should not have been banned.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Cicero

Charge them storage space at the tune of $100 per byte per hour and send them a bill!

A charge of trespass and breaking and entering would also be appropriate in this case since they had no permission to invade the computer.

Burn them and all the lawyers and judges and crooked politicians who are encouraging this. The PAYOLA must be huge for the republican congress.


17 posted on 11/02/2005 7:17:42 PM PST by soltice
[ Post Reply | Private Reply | To 1 | View Replies]

To: oceanview
why, because it won't autoload CDs when you put them into the drive? or because you don't perform that action as "superuser" on the box?

Both.

18 posted on 11/02/2005 7:17:51 PM PST by SedVictaCatoni (<><)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Spktyr

I have a mac ==== poor thing === you are next! That's all.


19 posted on 11/02/2005 7:18:38 PM PST by soltice
[ Post Reply | Private Reply | To 6 | View Replies]

To: Spktyr

I have a mac ==== poor thing === you are next! That's all.


20 posted on 11/02/2005 7:18:39 PM PST by soltice
[ Post Reply | Private Reply | To 6 | View Replies]

