Posted on 11/05/2005 10:03:08 AM PST by Quick1
Sony is in trouble but we might be the ones who lose out in the end, says technology commentator Bill Thompson.
Sony BMG, the record company part of the multinational corporation that makes laptops, TVs, movies and many other things, is in trouble this week thanks to a copy protection scheme it has used on a number of its CDs.
The software, called Extended Copy Protection or XCP, hides itself on your hard drive using techniques normally reserved for viruses, worms and trojans, which use similar "rootkits" to evade detection.
And if you notice it is there and try to remove it you may stop your computer recognising its CD drive.
This is because the cloaking techniques involve making changes to the Windows registry, altering the way device drivers work and generally messing with your installation.
XCP was developed by a UK company called First 4 Internet, and Sony says that it has been using it for months.
It is one of many competing techniques used by record companies to try to stop people making copies of music files from CD as they fear that their customers will then make the music available online without permission.
(Excerpt) Read more at news.bbc.co.uk ...
Anyone else want to start the class action lawsuit with me?
From Pournelle's page, on this:
A WARNING
I have been spending far too much time verifying this incredible story, but it is all true.
I just sent the following letter to all my subscribers:
This is a Chaos Manor Warning. I would be shouting if I were not concerned that it would trigger your spam filters.
You may or may not be familiar with the Sony Music CD Root Kit problem.
Let me begin with the warning: do not buy or install any Sony Music CD on your PC. The records play just fine on other systems. There's no problem with Mac or Linux or with self contained music players.
But if you try to play that record on your CD, it will tell you that you must install the Sony CD player codec (you can't play the record through Microsoft Media Player or any other stuff you have installed on your system).
DO NOT INSTALL THAT SOFTWARE. If you do you may never be able to get it off there short of scrubbing your system down to bare iron, reformatting, and reinstalling everything. I wish I were spoofing you, but I am not. This is a serious warning.
Moreover, if you have given a Sony Music CD to anyone as a gift, and they have tried to play that music on their PC (not Mac, not a standalone player, not Linux, but Windows PC) then their systems are infected, and it is exceedingly difficult -- exceedingly difficult -- to remove that infection in a way that doesn't blue screen of death the PC.
MY ADVICE IS NOT TO BUY ANY SONY MUSIC CD.
I have heard nothing about Sony movie DVD's having any such infection, but it's possible. So far all my Sony DVD's have played with Power DVD and I have not been asked or required to install any special Sony software to play a Sony movie DVD; if I am asked to do so I will refuse, and so should you.
Understand that the Root Kit on the Sony Music CD is a deliberate installation by Sony as part of a Digital Rights Management scheme. They will now, if you jump through enough hoops, send you a patch that will make their scheme visible -- like all root kits, their original installation so infects your operating system as to hide in a directory your operating system literally cannot see or access -- but it still does not remove it.
I'll have more on removal in the column and at another time this being column time. I will also have a DO NOT BUY SONY MUSIC CD warning in my Christmas Shopping List in the column.
This is a serious infection: the scheme has actually been used by third parties to hide other malware on systems that have the Sony root kit installed, and others have used the Sony root kit to hide cheat software for World of Warcraft. Even if you think you know what you are doing, you should not fool around with this stuff. It's dangerous, it's very difficult to remove, and there is a very real risk that you will have to reformat your disk and reinstall your OS and everything else.
For more information see:
http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
http://www.theregister.co.uk/2005/11/03/sony_rootkit_drm/
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
The last reference is to the Sysinternals page where an incredulous Mark Russinovich relates how he found the root kit on his system: the root kit has been out for months, and this is the first indication of its existence.
Sony did a splendid job of stealthing this.
I will have more in the column and on the web page. If you have bought and installed a Sony Music CD on your PC, *you need more help than I can give you*. Start with the Sysinternals page, and *proceed with extreme caution*.
And the best of British Luck to you.
Best regards,
Jerry Pournelle
Chaos Manor
And an addendum: The system "Phones Home". See
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
"Let me begin with the warning: do not buy or install any Sony Music CD on your PC"
I'll go one better - not buying any more Sony products. Screw them.
2nd that
So this wasn't on Sony CD's a few years ago? Because I haven't purchased a new CD in quite some time.
I think I'll settle for a boycott. This is outrageous, although I know there will be fans of this malware who will try to suggest I have something "against" copyright protection. I don't, as long as it doesn't hurt my computer or my cd player.
That would require actually buying the product. Still, I would think a class-action lawsuit absolutely and 100% justified in this case even if I'm not a class member.
Still, it seems to me that one's risk of infection is lower when downloading MP3's with some 'sane' protocol (http: or ftp:) and then running them through a validity checker, than it is when actually buying music.
And this nonsense of Sony's is supposed to ENCOURAGE the latter behavior?
I've never been able to pull this off. Anyone?
The article says: "XCP was developed by a UK company called First 4 Internet, and Sony says that it has been using it for months."
It's quite amazing...despite their CLEAR claims that it doesn't do any contact, it's now been confirmed that the Trojan surreptitiously begins "phoning home" to Sony once it's installed on your system, transmitting information about what CDs you are playing. (As cited by Pournelle, that's at http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html.) AND, also described on that page, their "uninstall" routine actually installs MORE stuff. What chutzpah!
I'm glad to boycott Sony...though I don't know how Sony BMG ties with consumer electronics. I've found their products to be well marketed and good ideas, but poorly engineered (plugs going directly to circuit board instead of being supported by the case, etc.) I do like my Clié, but oh well..
Oh, and I think there should be some hefty Federal prison time for this...but then again, IANAL.
The article says: "XCP was developed by a UK company called First 4 Internet, and Sony says that it has been using it for months."
This is a criminal action if it's not clearly described and consented to by the customer.
bookmarked
No more Sony for me.
Sony has a fix on their site that you can check out:
http://cp.sonybmg.com/xcp/english/updates.html
I hope they fall on seriously hard times.
I wouldn't trust it, since it contains lies in the description. The link says "This component is not malicious and does not compromise security.", both of which are lies.
The mechanism they use opens up a number of security holes (simple web-exploitable downloads of files to replace their "hidden" files means just about anything could be installed on a machine if this rootkit was already there, just by replacing one of the files, such as DRMServer.exe, that they put in their hidden directory at c:/windows/system32/$sys$filesystem/) as well as reducing the stability of the machine (arbitrary additional entry in the service table).
Worse is that the thing is horribly written. Not only does it hide itself, but it hides any file (or directory), registry key, or system process that starts with "$sys$", so all a hacker needs to do to create a "ghetto-rootkit" is to name their exploit with that nomenclature (i.e., with this installed a running program called "$sys$exploit.exe" would not show up in the Task Manager or in directory listings).
There are also a number of bugs in the code, and since Sony's exploit patches kernel calls, it could make a system unstable under a variety of conditions.
On a positive note, it has been reported that online gamers have been exploiting the Sony rootkit by renaming their cheating programs to begin with $sys$ which effectively makes it 'disappear'. Then when they log in to play the game it allows them to cheat without detection by the server.
Lemonade out of lemons /sarcasm.
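The "$sys$" prefix cloak described in the posts above can be caught by a cross-view check: compare what the running system lists against a listing taken from outside the hooked calls, and report whatever is missing. The following is an added example, not part of the original thread or any vendor's code; both listings are constructed, `c:/games` and the other ordinary paths are made up, and case-insensitive prefix matching is an assumption.

```python
PREFIX = "$sys$"  # cloaking prefix named in the thread

def cloaked(name):
    """True if one file, directory, key or process name carries the prefix.
    Assumption: matching is case-insensitive, as Windows names are."""
    return name.lower().startswith(PREFIX)

def parts(path):
    """Split a path into components, accepting either slash style."""
    return [p for p in path.replace("\\", "/").split("/") if p]

def api_view(raw_paths):
    """Model of a hooked enumeration: a path drops out of the listing when
    the entry itself or any parent directory carries the prefix."""
    return [p for p in raw_paths if not any(cloaked(c) for c in parts(p))]

def cross_view_diff(raw_paths, listed_paths):
    """Entries present in the raw view but absent from the listed view."""
    listed = {p.lower() for p in listed_paths}
    return sorted(p for p in raw_paths if p.lower() not in listed)

def classify(hidden, known_components):
    """Separate hidden entries whose file name is a component the thread
    attributes to XCP from entries that merely ride on the same cloak."""
    known = {k.lower() for k in known_components}
    report = {"known": [], "piggyback": []}
    for path in hidden:
        leaf = parts(path)[-1].lower()
        report["known" if leaf in known else "piggyback"].append(path)
    return report

# Constructed raw listing, e.g. read from the disk while the installed
# system is not running, so no hook can filter it.
RAW = [
    "c:/windows/system32/kernel32.dll",
    "c:/windows/system32/$sys$filesystem/DRMServer.exe",
    "c:/games/$sys$exploit.exe",
    "c:/users/alice/music/track01.mp3",
]
KNOWN = ["DRMServer.exe"]  # the only component file name given in the thread

def run_demo():
    listed = api_view(RAW)
    return listed, classify(cross_view_diff(RAW, listed), KNOWN)

if __name__ == "__main__":
    listed, report = run_demo()
    print("visible to the running system:", listed)
    print("hidden, known component:", report["known"])
    print("hidden, unaccounted for:", report["piggyback"])
```

Anything that lands in the "piggyback" list is hidden by the cloak without being one of its named components, which is the case the posters warn about.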
I don't HAVE a non-PC CD player. If it's going to mess with my PC, I'm not going to buy it.
Precisely. Now not only is pirated content more usable than "legitimate" DRM-crippleware, it's safer too.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.