Posted on 11/02/2005 7:04:33 PM PST by Cicero
Sony to Help Remove its DRM Rootkit By Nate Mook, BetaNews November 2, 2005, 4:04 PM When Mark Russinovich was testing his company's security software last week, he came across a disturbing find: a Sony BMG CD he purchased from Amazon had secretly installed DRM software on his PC and used "rootkit" cloaking methods to hide it. With the story sweeping across the Net, Sony is attempting to clean up its mess.
DRM, or digital rights management, is nothing new to CDs. Record companies began employing software to prevent users from easily transferring tracks to a PC after the explosion of file sharing activity that followed Napster's debut in 1999. But for the most part, the DRM was quite rudimentary and only required the pressing of the "shift" key to bypass.
Not so with Sony's latest batch of CDs from Switchfoot, Van Zant and others. Using technology developed by British software company First 4 Internet, the CDs limit the number of copy-protected backups that can be made. To enforce the restriction, software and drivers are installed without a user's knowledge when the CD is accessed.
Russinovich first discovered a hidden directory and several hidden device drivers -- none of which would show up in Windows Explorer. He soon found the driver responsible for the cloaking, which was designed to hide every file and location that begins with: $sys$.
After tracing the rouge software back to his recently purchased Van Zant CD, Russinovich attempted to uninstall the DRM, but to no avail.
"I didn't find any reference to it in the Control Panel's Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet's site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall," he wrote on his company's blog. "Now I was mad."
When he forcibly removed the software and registry entries by hand, Russinovich found his CD player was no longer functional. Further advanced registry hacking fixed the problem, but he noted that the vast majority of computer users would simply "cripple their computer" if they tried to delete the First 4 Internet DRM.
Although cloaking files and not providing a method of removal is not dangerous in and of itself, the case sparked a flurry of discussion online. Most users agreed that the actions of Sony and First 4 Internet questionable at best, and security experts warned of potential threats. For example, a virus writer could simply hide files by naming them using the $sys$ prefix.
For its part, First 4 Internet claimed the technology was only found on CDs from earlier this year and said it had created new methods to hide the DRM. Nonetheless, the company has decided to issue a patch to eliminate the cloaking and "allay any unnecessary concerns."
The patch will be made available for download from Sony BMG's Web site, with another offered directly to antivirus vendors. The DRM software will not be removed, however, only uncovered; that means users will still be unable to delete it without risk of rendering their CD drive inoperable.
Customers must contact Sony BMG support for removal instructions.
"While I believe in the media industry's right to use copy protection mechanisms to prevent illegal copying, I don't think that we've found the right balance of fair use and copy protection, yet," said Russinovich. "This is a clear case of Sony taking DRM too far."
you were saying about how this is just a "poor little industry" protecting itself from thieves? look what its doing to the PCs of people WHO BUY THE CD HONESTLY.
Do you smell that? That's the smell of chum in the water.
Expect lawsuits soon - especially if this appears in a lawyer's office.
Is this even legal?
Sounds like the making of a class-action lawsuit for mass-hacking of computer devices - which is also a criminal violation.
I have been reading some horror stories about the effects of DRM malware. Microsoft admits now that if anyone changes a drive or otherwise changes a computer's configuration, the user would have to pay again to use the content that had already been purchased once. This is going to blow up in the faces of Sony/BMG and Microsoft and any other companies that were stupid enough to attempt to slip this by...
I have a Mac. This can't happen on it.
Beware that rouge software.
Or get ready for a bruising class action lawsuit.
This might be the stuff that doesn't work on Windows if you hold down the SHIFT key (every damn time).
except that congress has passed so many laws changing copyrights - the industry can do almost anything they want and get away with it legally. and its only getting worse. fair use is gone, and soon enough, your PC and your digital TV will simply be something you "rent" from MSFT, the RIAA, and the MPAA.
why, because it won't autoload CDs when you put them into the drive? or because you don't perform that action as "superuser" on the box?
Apple's been going the other way on that. See the FairPlay concept, etc.
All your songs will soon belong to us.
And all your software.
And all your blogs.
And all your e-mail/IM.
And all your files.
And all your cell calls.
And you, citizen.
We have an "autorun" equivalent, but it doesn't run that function as superuser. More to the point, if something tries to mess with the core OS (which it would have to do in order to make something like this work), the OS itself says "hey, wait a sec" and alerts the user, requesting their password.
The malware doesn't install on Macs? And the CDs still function?
Charge them storage space at the tune of $100 per byte per hour and send them a bill!
A charge of trespass and breaking and entering would also be appropriate in this case since they had no permission to invade the computer.
Burn them and all the lawyers and judges and crooked politicians who are encouraging this. The PAYOLA must be huge for the republican congress.
Both.
I have a mac ==== poor thing === you are next! That's all.
I have a mac ==== poor thing === you are next! That's all.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.