Posted on 11/02/2005 7:04:33 PM PST by Cicero
Sony to Help Remove its DRM Rootkit By Nate Mook, BetaNews November 2, 2005, 4:04 PM When Mark Russinovich was testing his company's security software last week, he came across a disturbing find: a Sony BMG CD he purchased from Amazon had secretly installed DRM software on his PC and used "rootkit" cloaking methods to hide it. With the story sweeping across the Net, Sony is attempting to clean up its mess.
DRM, or digital rights management, is nothing new to CDs. Record companies began employing software to prevent users from easily transferring tracks to a PC after the explosion of file sharing activity that followed Napster's debut in 1999. But for the most part, the DRM was quite rudimentary and only required the pressing of the "shift" key to bypass.
Not so with Sony's latest batch of CDs from Switchfoot, Van Zant and others. Using technology developed by British software company First 4 Internet, the CDs limit the number of copy-protected backups that can be made. To enforce the restriction, software and drivers are installed without a user's knowledge when the CD is accessed.
Russinovich first discovered a hidden directory and several hidden device drivers -- none of which would show up in Windows Explorer. He soon found the driver responsible for the cloaking, which was designed to hide every file and location that begins with: $sys$.
After tracing the rouge software back to his recently purchased Van Zant CD, Russinovich attempted to uninstall the DRM, but to no avail.
"I didn't find any reference to it in the Control Panel's Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet's site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall," he wrote on his company's blog. "Now I was mad."
When he forcibly removed the software and registry entries by hand, Russinovich found his CD player was no longer functional. Further advanced registry hacking fixed the problem, but he noted that the vast majority of computer users would simply "cripple their computer" if they tried to delete the First 4 Internet DRM.
Although cloaking files and not providing a method of removal is not dangerous in and of itself, the case sparked a flurry of discussion online. Most users agreed that the actions of Sony and First 4 Internet questionable at best, and security experts warned of potential threats. For example, a virus writer could simply hide files by naming them using the $sys$ prefix.
For its part, First 4 Internet claimed the technology was only found on CDs from earlier this year and said it had created new methods to hide the DRM. Nonetheless, the company has decided to issue a patch to eliminate the cloaking and "allay any unnecessary concerns."
The patch will be made available for download from Sony BMG's Web site, with another offered directly to antivirus vendors. The DRM software will not be removed, however, only uncovered; that means users will still be unable to delete it without risk of rendering their CD drive inoperable.
Customers must contact Sony BMG support for removal instructions.
"While I believe in the media industry's right to use copy protection mechanisms to prevent illegal copying, I don't think that we've found the right balance of fair use and copy protection, yet," said Russinovich. "This is a clear case of Sony taking DRM too far."
Distruction of Private Property is still illegal and Sony is guilty of doing that to millions of their customers.
And the music industry wonders why people don't want to buy their products? Well, duh!!
My Condolences...
I prefer lipstick and eyeshadow software. They're so sexy.
Here's a good one -- go to the Sony/BMG site and download the removal software. Oh, surprise! If you are using Firefox, you can't get it...you will need to use the ActiveX and Internet Explorer. That will make some more friends for Sony!
I am tempted to actually go out and buy one of these CDs from Sony/BMG, just to qualify for participation in the class action lawsuit. Of course, in these cases, the actual victims would get a $2 coupon toward the purchase of a Sony CD, while the lawyers make trillions of dollars.
Next headline: "Sony Software Removal Tool Sending Credit Card Info to HQ - Scheme to Make Up Lost Music Revenue"
Senator "Disney" Fritz Hollings probally can be found to have a hand in any and all such laws.
Yes, I suspect this stupid move was probably criminal, at least technically. And if it breaks people's CD drives or allows hackers to insert viruses disguised as Sony files, then there will be a good deal of very expensive damages to worry about.
What blows my mind is that I have always thought of Sony as a reputable company. I suppose this comes of having taken over a Hollywood outfit in the music and movie business.
That's about right. I occasionally get one of those mailings asking if I want to join a class action lawsuit because someone manipulated a stock I had bought during a certain period, or the like, but I can't say that I have ever seen a bean of it.
What I think probably will get Sony to move of the dime and fix this is fear of losing their reputation. They have a considerable reputation to lose. I would imagine they are not happy with the Hollywood hotshots who dreamed this one up.
Guess I will just have to download my music off the net to be safe.
I've had more problems playing CDs on my computer than someone else's mp3s.
A complete listing of Sony Music artists from A to Z can be found here;
http://www.sonymusic.com/artists/
The Macs did pretty good when Sony was using the felt-tipped pen security. But time change--
Added to this heady mixture in recent weeks is a new generation of digital copy protection that's been showing up on music CDs distributed by Sony in Europe. Fast becoming known as the case of "Celine Dion Killed My iMac," initial reports indicate that these discs are not only unreadable by computers, but may actually crash them and prevent them from rebooting, necessitating a service call.
http://www.macopinion.com/columns/curmudgeon/
UHh, where's the CD eject button on my Mac??!!
Maybe my OSX86 will still work!
Sony could have owned the MP3 player market and extended the dominance of the Walkman at least another generation. But NO!
Of course. Didn't you read the whole story? They have a new, harder to find software they want to slip into your machine.
"and said it had created new methods to hide the DRM. "
I have an iRiver MP3 player, which I bought before the iPod explosion. I agree that Sony was slow to get into that market.
Sony's reputation has been tanking for the past few years anyway. They've become so obsessed with pushing their proprietary formats for everything as well as their DRM schemes that they've lost their edge in innovation. Many of Sony's products these days lack a lot of the features of their competitors' stuff, and are overpriced to boot.
This fiasco won't help them out of that ditch one little bit.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.