Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Sony, Rootkits and Digital Rights Management Gone Too Far
Mark's Sysinternals ^ | Monday, October 31, 2005 | Mark's Sysinternals

Posted on 10/31/2005 7:59:57 PM PST by zeugma

From slashdot.org article:
"SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system."

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my “Unearthing Rootkits” article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
KEYWORDS: drm; malware; privacy; privacylist; rootkit; sony; windows
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-88 next last
Normally, I'd try to post the entire article, but I had issues with trying to get it formatted properly. Click the link above to sysinternals.com.

The bottom line on this: attempting to play some Sony BMG CDs (on windows) will result in a poorly written rootkit to be installed on your computer. Uninstalling it will be difficult for all but the most knowledgable users. (I certainly wouldn't qualify - on windows anyway).

Before you attempt to play any Sony/BMG CD, look =very= carefully at the CD, because there is a possibility that some nasty stuff will be installed on your computer without giving you any warning or notice, and it will be extraordinarily hard to get rid of.

1 posted on 10/31/2005 7:59:58 PM PST by zeugma
[ Post Reply | Private Reply | View Replies]

To: zeugma

Your link doesn't install a rootkit, does it?...

(half joking)


2 posted on 10/31/2005 8:04:32 PM PST by Cringing Negativism Network (There's nothing sarcastic in this post. Sure there isn't. Not one bit.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Time to call a lawyer.

I have no problem with Sony wanting to protect their legal rights on the music. But stealth installation of malware is beyond the pale.

Note to self, purchase no products of any kind from Sony.


3 posted on 10/31/2005 8:05:09 PM PST by ChildOfThe60s (If you can remember the 60s......you weren't really there.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

They are forcing people to pirate songs with this DRM spyware crap.


4 posted on 10/31/2005 8:06:05 PM PST by BipolarBob (All Israel shall be saved.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ChildOfThe60s
"I have no problem with Sony wanting to protect their legal rights on the music. But stealth installation of malware is beyond the pale."

Enough of a critical mass and you have a pretty nice class-action lawsuit.

5 posted on 10/31/2005 8:13:43 PM PST by Tench_Coxe
[ Post Reply | Private Reply | To 3 | View Replies]

To: zeugma
It's a good thing that there was a (very) verbose article, because I take everything from Slashdot with a very large amount of salt.

Case in point, here's an article on "Internet is Killing the Newspaper" and some of the brilliant groupthink comments:

I'd say people end up being far more informed. Major newspapers will never present worthwhile news, because it is too costly for them. They most likely will not report on the misdeeds of major advertisers. Likewise, in America especially, if they question the administration they'll immediately lose their press access. Thus all they can do is put out bullshit, and hope that people continue to buy their papers. But it looks like people are catching on, and thus people aren't buying their papers.

Then again, many news websites are not as tied up. They can offer viewpoints that the major papers could never think of presenting. Even if their news is incorrect, it still may provoke thought in its readers, perhaps enough for them to investigate other news sources, and hence to make up their own mind based on the information they can obtain.

and

The last 5 years have seen all the media here become totally none critical of politicians. Prior to 9/11, the media would actually research and the print interesting news about the national and local politicians. Now, I have found that Al Jazeera/BBC does a better job of reporting on our national stuff than does Denver Post and Rocky mountain news (with Al Jazeera you have to treat it like Old Pravda/ Current fox news and be careful of propoganda). Sad state of affairs.

Granted, these are just two opinions, but it's the groupthink there. Try reading this article on Is the US Becoming Anti-Science? and try not to vomit with liberal BS.

6 posted on 10/31/2005 8:13:48 PM PST by Dan Nunn (http://marklevinfan.com/Audio/WhyAreWeAtWar.wma)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

For those that don't know, sysinternals.com is an awesome site.

I've exchanged a few emails with Russinovich. He is a very talented individual.


7 posted on 10/31/2005 8:14:35 PM PST by VeniVidiVici (What, me worry?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma
I an not a computer or legal guru, but even I can see there's something deeply wrong with this.

Can anyone explain to me why it is that punk kid programmers who write software like this face probable jail time, but when Sony corporation does exactly the same thing, they're just "protecting their copyright"?

How is a trojan horse opening up security holes from Sony any different from a trojan horse from the computer nerd down the street?

Why isn't Sony facing criminal prosecution under the various anti-digital terrorism acts?

8 posted on 10/31/2005 8:24:27 PM PST by pillbox_girl
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dan Nunn
Try reading this article on Is the US Becoming Anti-Science? and try not to vomit with liberal BS.

No thanks. I know what is useful to read at /. and what is not. In this case the article itself is fairly insightful in itself. I suspect the details will be beyond most people, but as long as the message "beware Sony/BMG" gets out, that's all I want. I think this DRM stuff is evil, and is one of hte main reason I don't buy anything anymore except what I find at second-hand stores.

9 posted on 10/31/2005 8:25:48 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: VeniVidiVici
I've exchanged a few emails with Russinovich. He is a very talented individual.

Dammned straight. I think he knows windows better than most folks at microsoft. When I used to use windows, I poked his site regularly for information.

10 posted on 10/31/2005 8:27:19 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: zeugma

> The bottom line on this: attempting to play some
> Sony BMG CDs (on windows) will result in a poorly
> written rootkit to be installed on your computer.

But presumably only if you still have Autoplay, aka
Auto Insert Notification, enabled for that optical
drive (which, unfortunately, it is by default, and
is often silently re-enabled after app installs and
Windows updates).

AP/AIN is another of Mr.Bill's gifts to crackers, and
it appears that some of these crackers work for Sony.


11 posted on 10/31/2005 8:28:06 PM PST by Boundless
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

About 4 years ago I concluded that I would never buy another CD from a major label because of their attempts to install software on my computer and because they were all caught price fixing

But I also won't use P2P programs to trade copyrighted content for various reasons...

I won't download from Itunes or any of the other major services because none of them sell MP3s - they are all crippled in some way.

So here I am, a guy who bought an album (and a later a CD) a week from the age of 13 to 38 and the industry gets not a penny from me and I am reduced to recording digitally off DirectTV music channels and capturing internet radio broadcasts.... very sad.


12 posted on 10/31/2005 8:30:28 PM PST by gondramB
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Wow. Great find zeugma...

To think that they used to consider windows root kit proof...


13 posted on 10/31/2005 8:30:38 PM PST by ChinaGotTheGoodsOnClinton (To those who believe the world was safer with Saddam, get treatment for that!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

You're absolutely right. It's ridiculous what these MPAA and RIAA participants will do to protect their cartel. Suing their own customers, installing rootkits or spyware or whatever it is, it goes well beyond this. I have no love for these organizations and rarely, if ever, buy music CD's and movie DVDs for this reason (as well as not wanting my money to support people like Hanoi Jane and musical "talent" like Eminem).


14 posted on 10/31/2005 8:30:39 PM PST by Dan Nunn (http://marklevinfan.com/Audio/WhyAreWeAtWar.wma)
[ Post Reply | Private Reply | To 9 | View Replies]

To: zeugma

Drat. Can't get that RKR thingie to run.

Downloaded and unzipped ok, but when I click it
it just asks me what application I want to open an
exe file with.


Do you spoze my Linux box has been rootkitted already?


15 posted on 10/31/2005 8:33:09 PM PST by adamsjas
[ Post Reply | Private Reply | To 1 | View Replies]

To: pillbox_girl
Why isn't Sony facing criminal prosecution under the various anti-digital terrorism acts?

Because some animals are more equal than others. RIAA and MPAA own several senators.

This rootkit is pretty darned sneaky. Very few will ever even know they have it. I hope sysinternals can come up with an automated check for it. Perhaps then a class-action might be possible. This is something I'd really like to see. These multinational megacorps need to understand the limits of our forbearance.

Probably the biggest reason this won't go anywhere is because no newspaper or network is going to take the advertizing hit that would come from pushing this story hard. Money is power.

16 posted on 10/31/2005 8:33:41 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Dan Nunn

Slashdot is a sick place, but Russinovich (sysinternals.com) is a genius and no open-source nutball.


17 posted on 10/31/2005 8:46:02 PM PST by old-ager
[ Post Reply | Private Reply | To 6 | View Replies]

To: Boundless

You have to use their player to play it. At least on a computer.

So from the looks of it, that doesn't really matter.


18 posted on 10/31/2005 8:52:56 PM PST by DB (©)
[ Post Reply | Private Reply | To 11 | View Replies]

To: zeugma

Counting the minutes until Elliot Spitzer sues Sony/BMG....


(crickets)


19 posted on 10/31/2005 9:04:50 PM PST by MediaMole
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Most interesting indeed. Thanks for posting.


20 posted on 10/31/2005 9:20:08 PM PST by Texas_Jarhead
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-88 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson