Posted on 11/12/2005 3:43:10 PM PST by steve-b
The rootkit's purpose is to prevent ripping software from working correctly when a "protected" disk is inserted
Interesting quote: I've never [before] seen an industry that criminalizes its own consumers to the extent that consumers would rather steal from them than pay for the product
If the software does not allow the creation of unencrypted copies, the above restrictions would apply based upon what software Sony supplies for decryption. And if it does allow the creation of unencrypted copies, then any requirements the rootkit may impose become moot if someone clean-boots from another device.
So what's the point again?
But if the ripping software would work correctly in the absense of the rootkit, all someone would have to do is run it on a machine with autorun disabled where the rootkit hadn't yet installed itself.
From Wikipedia entry on the Sony DRM rootkit:
XCP.Sony.Rootkit installs a DRM executable as a Windows service, but misleadingly names this service "Plug and Play Device Manager", employing a technique commonly used by malware authors to fool everyday users into believing this is a part of Windows. Approximately every 1.5 seconds this service queries the primary executables associated with all processes running on the machine, resulting in nearly continuous read attempts on the hard drive. This has been shown to shorten the drive's lifespan.Furthermore, XCP.Sony.Rootkit installs a device driver, specifically a CD-ROM filter driver, which intercepts calls to the CD-ROM drive. If any process other than the included Music Player (player.exe) attempts to read the audio section of the CD, the filter driver inserts seemingly random noise into the returned data making the music unlistenable.
XCP.Sony.Rootkit loads a system filter driver which intercepts all calls for process, directory or registry listings, even those unrelated to the Sony BMG application. This rootkit driver modifies what information is visible to the operating system in order to cloak the Sony BMG software. This is commonly referred to as rootkit technology. Furthermore, the rootkit does not only affect XCP.Sony.Rootkit's files. This rootkit hides every file, process, or registry key beginning with $sys$. This represents a vulnerability, which has already been exploited to hide World of Warcraft RING0 hacks as of the time of this writing, and could potentially hide an attacker's files and processes once access to an infected system had been gained.
I'm a Win32 API expert. 10-to-1 odds that they were trying to create un-uninstallable software and picked the fastest way to do so without concern for the side-effects it'd have.
Exactly. The software will only protect the CD from the unsophisticated majority
I very much doubt that. They wanted the rootkit part to be left on people's computer even if they removed the player. No way you'd convince a technically literate jury otherwise.
I'd misread the double-negative.
I had to give up coffee a month ago. Things just haven't been the same since.
Probably to make it harder for anti-virus and anti-malware software to detect the DRM. Or maybe to make it harder for people to figure out how to get around the DRM, since it's hard to reverse engineer what you can't see.
If it's in microscopic print somewhere on the CD case and not on the CD they better get ready to loose some money.
Some copy-protected CDs play interesting games with the session headers so that the PC (which processes headers that most CD players ignore) will think the session containing the music has been superceded, and thus won't see the music session; these CDs then include an encrypted copy of the music which is visible to the PC side.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.